PT-2023-4837 · Asus · Asus Rt-Ac86U+2
Published: 2023-07-10 · Updated: 2024-03-28
CVE-2023-39240
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ASUS RT-AX55 versions (affected versions not specified)
ASUS RT-AX56U V2 versions (affected versions not specified)
ASUS RT-AC86U versions (affected versions not specified)
Description
The issue is related to a format string vulnerability in the iperf client function API of the affected ASUS routers. This vulnerability is caused by a lack of validation for a specific value within the set_iperf3_cli.cgi module. A remote attacker can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation, or disrupt service.
Recommendations
For ASUS RT-AX55, update to a version that fixes the format string vulnerability in the set_iperf3_cli.cgi module.
For ASUS RT-AX56U V2, update to a version that fixes the format string vulnerability in the set_iperf3_cli.cgi module.
For ASUS RT-AC86U, update to a version that fixes the format string vulnerability in the set_iperf3_cli.cgi module.
As a temporary workaround, consider restricting access to the set_iperf3_cli.cgi module until a patch is available.
Fix
Use of Externally-Controlled Format String
Weakness Enumeration
Related Identifiers
Affected Products
Asus Rt-Ac86U
Asus Rt-Ax55
Asus Rt-Ax56U V2