ID

VAR-202204-1269


CVE

CVE-2022-25596


TITLE

Out-of-bounds write vulnerability in ASUSTeK Computer Inc. RT-AC86U firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-007787

DESCRIPTION

ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service. An out-of-bounds write vulnerability exists in ASUSTeK Computer Inc. RT-AC86U firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ASUS RT-AC56U is a dual-band Wi-Fi router from ASUS China. ASUS RT-AC56U has a security vulnerability

Trust: 2.25

sources: NVD: CVE-2022-25596 // JVNDB: JVNDB-2022-007787 // CNVD: CNVD-2022-31521 // VULMON: CVE-2022-25596

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-31521

AFFECTED PRODUCTS

vendor: asus
model: rt-ac86u
scope: eq
version: 3.0.0.4.386.45956

Trust: 1.0

vendor: asustek computer
model: rt-ac86u
scope: eq
version: -

Trust: 0.8

vendor: asustek computer
model: rt-ac86u
scope: eq
version: rt-ac86u firmware 3.0.0.4.386.45956

Trust: 0.8

vendor: asustek computer
model: rt-ac86u
scope: -
version: -

Trust: 0.8

vendor: asus
model: rt-ac56u
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2022-31521 // JVNDB: JVNDB-2022-007787 // NVD: CVE-2022-25596

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-25596
value: HIGH

Trust: 1.0

twcert@cert.org.tw: CVE-2022-25596
value: HIGH

Trust: 1.0

NVD: CVE-2022-25596
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-31521
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202204-2608
value: HIGH

Trust: 0.6

VULMON: CVE-2022-25596
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-25596
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-31521
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-25596
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-25596
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-31521 // VULMON: CVE-2022-25596 // JVNDB: JVNDB-2022-007787 // CNNVD: CNNVD-202204-2608 // NVD: CVE-2022-25596 // NVD: CVE-2022-25596

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-007787 // NVD: CVE-2022-25596

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202204-2608

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202204-2608

PATCH

title: Patch for ASUS RT-AC56U Heap Buffer Overflow Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/330256

Trust: 0.6

sources: CNVD: CNVD-2022-31521

EXTERNAL IDS

db: NVD
id: CVE-2022-25596

Trust: 3.9

db: JVNDB
id: JVNDB-2022-007787

Trust: 0.8

db: CNVD
id: CNVD-2022-31521

Trust: 0.6

db: CNNVD
id: CNNVD-202204-2608

Trust: 0.6

db: VULMON
id: CVE-2022-25596

Trust: 0.1

sources: CNVD: CNVD-2022-31521 // VULMON: CVE-2022-25596 // JVNDB: JVNDB-2022-007787 // CNNVD: CNNVD-202204-2608 // NVD: CVE-2022-25596

REFERENCES

url: https://www.twcert.org.tw/tw/cp-132-5793-4f9d3-1.html

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2022-25596

Trust: 1.4

url: https://cxsecurity.com/cveshow/cve-2022-25596/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-31521 // VULMON: CVE-2022-25596 // JVNDB: JVNDB-2022-007787 // CNNVD: CNNVD-202204-2608 // NVD: CVE-2022-25596

SOURCES

db: CNVD, id: CNVD-2022-31521
db: VULMON, id: CVE-2022-25596
db: JVNDB, id: JVNDB-2022-007787
db: CNNVD, id: CNNVD-202204-2608
db: NVD, id: CVE-2022-25596

LAST UPDATE DATE

2024-11-23T21:32:34.921000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-31521, date: 2022-04-22T00:00:00
db: VULMON, id: CVE-2022-25596, date: 2022-04-14T00:00:00
db: JVNDB, id: JVNDB-2022-007787, date: 2023-07-20T08:14:00
db: CNNVD, id: CNNVD-202204-2608, date: 2022-04-15T00:00:00
db: NVD, id: CVE-2022-25596, date: 2024-11-21T06:52:24.530

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-31521, date: 2022-04-22T00:00:00
db: VULMON, id: CVE-2022-25596, date: 2022-04-07T00:00:00
db: JVNDB, id: JVNDB-2022-007787, date: 2023-07-20T00:00:00
db: CNNVD, id: CNNVD-202204-2608, date: 2022-04-07T00:00:00
db: NVD, id: CVE-2022-25596, date: 2022-04-07T19:15:08.807