ID

VAR-202201-1471


CVE

CVE-2022-22054


TITLE

ASUS RT-AX56U Path Traversal Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-04707 // CNNVD: CNNVD-202201-1169

DESCRIPTION

ASUS RT-AX56U's login function contains a path traversal vulnerability caused by inadequate filtering of special characters in URL parameters, which allows an unauthenticated attacker on the local area network to access restricted system paths and download arbitrary files. A path traversal vulnerability exists in the ASUS RT-AX56U. Information may be obtained. The ASUS RT-AX56U is a wireless router from ASUS in Taiwan.

Trust: 2.25

sources: NVD: CVE-2022-22054 // JVNDB: JVNDB-2022-003462 // CNVD: CNVD-2022-04707 // VULMON: CVE-2022-22054

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-04707

AFFECTED PRODUCTS

vendor: asus, model: rt-ax56u, scope: eq, version: 3.0.0.4.386.44266

Trust: 1.6

vendor: asustek computer, model: rt-ax56u, scope: eq, version: -

Trust: 0.8

vendor: asustek computer, model: rt-ax56u, scope: -, version: -

Trust: 0.8

vendor: asustek computer, model: rt-ax56u, scope: eq, version: rt-ax56u firmware

Trust: 0.8

sources: CNVD: CNVD-2022-04707 // JVNDB: JVNDB-2022-003462 // NVD: CVE-2022-22054

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22054
value: MEDIUM

Trust: 1.0

twcert@cert.org.tw: CVE-2022-22054
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-22054
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-04707
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202201-1169
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-22054
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-22054
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-04707
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-22054
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-003462
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-04707 // VULMON: CVE-2022-22054 // JVNDB: JVNDB-2022-003462 // CNNVD: CNNVD-202201-1169 // NVD: CVE-2022-22054 // NVD: CVE-2022-22054

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-003462 // NVD: CVE-2022-22054

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202201-1169

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202201-1169

PATCH

title: top page, url: https://www.asus.com/jp/

Trust: 0.8

title: Patch for ASUS RT-AX56U Path Traversal Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/314196

Trust: 0.6

title: ASUS RT-AX56U Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177974

Trust: 0.6

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: CNVD: CNVD-2022-04707 // VULMON: CVE-2022-22054 // JVNDB: JVNDB-2022-003462 // CNNVD: CNNVD-202201-1169

EXTERNAL IDS

db: NVD, id: CVE-2022-22054

Trust: 3.9

db: JVNDB, id: JVNDB-2022-003462

Trust: 0.8

db: CNVD, id: CNVD-2022-04707

Trust: 0.6

db: CS-HELP, id: SB2022011926

Trust: 0.6

db: CNNVD, id: CNNVD-202201-1169

Trust: 0.6

db: VULMON, id: CVE-2022-22054

Trust: 0.1

sources: CNVD: CNVD-2022-04707 // VULMON: CVE-2022-22054 // JVNDB: JVNDB-2022-003462 // CNNVD: CNNVD-202201-1169 // NVD: CVE-2022-22054

REFERENCES

url: https://www.twcert.org.tw/tw/cp-132-5508-59251-1.html

Trust: 3.1

url: https://nvd.nist.gov/vuln/detail/cve-2022-22054

Trust: 1.4

url: https://www.cybersecurity-help.cz/vdb/sb2022011926

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: CNVD: CNVD-2022-04707 // VULMON: CVE-2022-22054 // JVNDB: JVNDB-2022-003462 // CNNVD: CNNVD-202201-1169 // NVD: CVE-2022-22054

SOURCES

db: CNVD, id: CNVD-2022-04707
db: VULMON, id: CVE-2022-22054
db: JVNDB, id: JVNDB-2022-003462
db: CNNVD, id: CNNVD-202201-1169
db: NVD, id: CVE-2022-22054

LAST UPDATE DATE

2024-08-14T14:55:38.299000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-04707, date: 2022-01-18T00:00:00
db: VULMON, id: CVE-2022-22054, date: 2022-01-21T00:00:00
db: JVNDB, id: JVNDB-2022-003462, date: 2023-02-20T02:47:00
db: CNNVD, id: CNNVD-202201-1169, date: 2022-01-25T00:00:00
db: NVD, id: CVE-2022-22054, date: 2022-01-21T13:51:25.570

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-04707, date: 2022-01-18T00:00:00
db: VULMON, id: CVE-2022-22054, date: 2022-01-14T00:00:00
db: JVNDB, id: JVNDB-2022-003462, date: 2023-02-20T00:00:00
db: CNNVD, id: CNNVD-202201-1169, date: 2022-01-14T00:00:00
db: NVD, id: CVE-2022-22054, date: 2022-01-14T05:15:11.167