cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-39240,https://securityvulnerability.io/vulnerability/CVE-2023-39240,ASUS RT-AX55、RT-AX56U_V2 - Format String - 3,"A format string vulnerability exists in the iperf client function of ASUS RT-AX56U V2, specifically within the set_iperf3_cli.cgi module. Due to inadequate validation of input values, a remote attacker with administrator privileges can exploit this flaw to execute arbitrary code, perform unrestricted system operations, or cause service disruptions.",Asus,"Rt-ax55,Rt-ax56u V2",7.2,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2023-09-07T08:15:00.000Z,0
CVE-2023-39238,https://securityvulnerability.io/vulnerability/CVE-2023-39238,"Format String Vulnerability Affects ASUS RT-AX56U V2, Allows Remote Code Execution","A format string vulnerability has been identified in the ASUS RT-AX56U V2 due to insufficient validation within its set_iperf3_svr.cgi module. This flaw could allow an attacker with administrator privileges to execute arbitrary code remotely, perform unauthorized operations, or disrupt service functionalities. Organizations using this device should ensure timely updates and implement security measures to mitigate potential risks.",Asus,"Rt-ax55,Rt-ax56u V2",7.2,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2023-09-07T08:15:00.000Z,0
CVE-2023-39239,https://securityvulnerability.io/vulnerability/CVE-2023-39239,ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 2,"A format string vulnerability has been identified within the General function API of the ASUS RT-AX56U V2's apply.cgi module. This flaw arises from insufficient validation of specific input values, allowing a remote attacker with administrator privileges to exploit it. Successful exploitation could lead to arbitrary code execution, unauthorized system operations, or service disruption, posing significant risks to device security and operational integrity.",Asus,"Rt-ax55,Rt-ax56u V2,Rt-ac86u",7.2,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2023-09-07T08:15:00.000Z,0
CVE-2023-35087,https://securityvulnerability.io/vulnerability/CVE-2023-35087,ASUS RT-AX56U V2 & RT-AC86U - Format String - 2,"A format string vulnerability has been identified in ASUS RT-AX56U V2 and RT-AC86U routers. This weakness arises from insufficient validation of a specific value when executing the cm_processChangedConfigMsg within the ccm_processREQ_CHANGED_CONFIG function in the AiMesh system. An unauthenticated remote attacker could exploit this vulnerability to perform arbitrary code execution, carry out arbitrary operations on the system, or potentially disrupt the service, making it crucial for users to mitigate the associated risks.",Asus,"Rt-ax56u V2,Rt-ac86u",9.8,CRITICAL,0.0006399999838322401,false,false,false,false,,false,false,2023-07-21T08:15:00.000Z,0
CVE-2023-35086,https://securityvulnerability.io/vulnerability/CVE-2023-35086,ASUS RT-AX56U V2 & RT-AC86U - Format String -1,"A format string vulnerability has been identified in ASUS RT-AX56U V2 and RT-AC86U routers, specifically within the logmessage_normal function of the do_detwan_cgi module in the HTTP daemon. This flaw allows a remote attacker with administrator privileges to exploit the system, potentially leading to arbitrary code execution and unauthorized system operations or service disruptions. The affected firmware versions include 3.0.0.4.386_50460 for RT-AX56U V2 and 3.0.0.4_386_51529 for RT-AC86U.",Asus,"Rt-ax56u V2,Rt-ac86u",7.2,HIGH,0.0006399999838322401,false,false,false,true,true,false,false,2023-07-21T07:15:00.000Z,0
CVE-2021-40556,https://securityvulnerability.io/vulnerability/CVE-2021-40556,,"A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by ""caupload"" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication.",Asus,Rt-ax56u Firmware,8.8,HIGH,0.0013800000306218863,false,false,false,false,,false,false,2022-10-06T00:00:00.000Z,0
CVE-2022-23973,https://securityvulnerability.io/vulnerability/CVE-2022-23973,ASUS RT-AX56U - Stack overflow,ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service.,Asus,Rt-ax56u,8.8,HIGH,0.0010100000072270632,false,false,false,false,,false,false,2022-04-07T19:15:00.000Z,0
CVE-2022-23972,https://securityvulnerability.io/vulnerability/CVE-2022-23972,ASUS RT-AX56U - SQL Injection,"ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify and delete database.",Asus,Rt-ax56u,8.8,HIGH,0.0006200000061653554,false,false,false,false,,false,false,2022-04-07T19:15:00.000Z,0
CVE-2022-23971,https://securityvulnerability.io/vulnerability/CVE-2022-23971,ASUS RT-AX56U - Path Traversal,"ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption.",Asus,Rt-ax56u,8.1,HIGH,0.0005799999926239252,false,false,false,false,,false,false,2022-04-07T19:15:00.000Z,0
CVE-2022-23970,https://securityvulnerability.io/vulnerability/CVE-2022-23970,ASUS RT-AX56U - Path Traversal,"ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption.",Asus,Rt-ax56u,8.1,HIGH,0.0005799999926239252,false,false,false,false,,false,false,2022-04-07T19:15:00.000Z,0
CVE-2022-22054,https://securityvulnerability.io/vulnerability/CVE-2022-22054,ASUS RT-AX56U - Path Traversal,"ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.",Asus,Rt-ax56u,6.5,MEDIUM,0.0006900000153109431,false,false,false,false,,false,false,2022-01-14T00:00:00.000Z,0
CVE-2021-44158,https://securityvulnerability.io/vulnerability/CVE-2021-44158,ASUS RT-AX56U Router - Stack-based buffer overflow,ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service.,Asus,Rt-ax56u,8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2022-01-03T00:00:00.000Z,0