PT-2023-7593 · Asus · Asus Rt-Ac86U+1

Published: 2023-07-17 · Updated: 2023-08-03 · CVE-2023-35087

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ASUS RT-AX56U V2 version 3.0.0.4.386 50460
ASUS RT-AC86U version 3.0.0.4 386 51529

Description

The issue is a format string vulnerability in the cm_processChangedConfigMsg function of the AiMesh system. It is caused by a lack of validation for a specific value when calling cm_processChangedConfigMsg in the ccm_processREQ_CHANGED_CONFIG function. An unauthenticated remote attacker can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation, or disrupt service.

Recommendations

For ASUS RT-AX56U V2 version 3.0.0.4.386 50460, update to a newer version that contains a fix for this issue.
For ASUS RT-AC86U version 3.0.0.4 386 51529, update to a newer version that contains a fix for this issue.
As a temporary workaround, consider disabling the cm_processChangedConfigMsg function in the AiMesh system until a patch is available.

Fix

Weakness Enumeration

Use of Externally-Controlled Format String

Related Identifiers

BDU:2023-08653
CVE-2023-35087

Affected Products

Asus Rt-Ac86U
Asus Rt-Ax56U V2