7.2
CVSSv3

CVE-2023-35086

Published: 21/07/2023 Updated: 27/03/2024
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 0

Vulnerability Summary

A format string vulnerability has been identified in ASUS RT-AX56U V2 & RT-AC86U. It is caused by passing input directly as the format string when calling syslog in the logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator privileges can exploit this vulnerability to perform remote arbitrary code execution or arbitrary system operations, or to disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.
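The bug class described in the summary, shown beside its hardened form. This is an added example, not ASUS firmware code or part of the advisory. All function names are hypothetical and the sample input is constructed; `render` stands in for syslog so the expanded message can be inspected.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Expands fmt the way a printf-family sink such as syslog() does, into a buffer. */
static int render(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: request-derived text is passed as the format string. */
int log_vulnerable(char *out, size_t n, const char *input)
{
    return render(out, n, input);
}

/* Hardened pattern: constant format, input is only ever an argument. */
int log_hardened(char *out, size_t n, const char *input)
{
    return render(out, n, "%s", input);
}

void logmessage_fixed(const char *input) { syslog(LOG_NOTICE, "%s", input); } /* same fix at a syslog() call */

/* Audit helper: number of conversion directives in a string ("%%" is a literal). */
int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++;   /* skip the escaped percent sign */
        else count++;
    }
    return count;
}

int main(void)
{
    char a[64], b[64];
    log_vulnerable(a, sizeof a, "wan 100%% up");   /* constructed sample input */
    log_hardened(b, sizeof b, "wan 100%% up");
    printf("vulnerable: %s\nhardened:   %s\n", a, b);
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` flags non-literal format strings at direct syslog call sites. Marking a logging wrapper with `__attribute__((format(printf, ...)))` extends the same check to its callers.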

Vulnerable Product

asus rt-ac86u_firmware 3.0.0.4_386_51529

asus rt-ax56u_v2_firmware 3.0.0.4.386_50460

Github Repositories

POC of CVE-2023-35086 only DoS

CVE-2023-35086-POC. July 25 2023, Altin (tin-z), github.com/tin-z. Brief description: ASUS RT-AX56U V2 & RT-AC86U router firmwares below or equal to version 3.0.0.4.386_50460 and 3.0.0.4_386_51529 respectively have a format string vulnerability in the detwan.cgi function of the httpd service that can cause code execution when an attacker constructs malicious data. The v