It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.
History

Thu, 24 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2023-07-21T07:11:03.792Z

Updated: 2024-10-24T14:17:09.505Z

Reserved: 2023-06-13T10:19:24.131Z

Link: CVE-2023-35087

cve-icon Vulnrichment

Updated: 2024-08-02T16:23:58.647Z

cve-icon NVD

Status : Modified

Published: 2023-07-21T08:15:09.900

Modified: 2024-11-21T08:07:57.097

Link: CVE-2023-35087

cve-icon Redhat

No data.