Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-1655

Published: 15/04/2024 Updated: 15/04/2024

Vulnerability Summary

Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote malicious user to execute arbitrary system commands by sending a specially crafted request.

Github Repositories

https://github.com/lnversed/CVE-2024-1655

CVE-2024-1655 Description ASUS ExpertWiFi EBM63, EBM68, and RT-AX57 Go firmwares before the 12-04-2024 patch contain a command injection vulnerability in splash_page_SDNcgi function When an attacker sends a specially crafted request, they can achieve arbitrary code execution references: Official report Usage The vulnerability is an authenticated RCE, users of this script a

References

CWE-78https://www.twcert.org.tw/tw/cp-132-7737-1acd0-1.htmlhttps://nvd.nist.govhttps://github.com/lnversed/CVE-2024-1655
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661open redirectCVE-2024-25512CVE-2024-33788command injectionSSTICVE-2024-0043CVE-2024-29210CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook