ID

VAR-202204-1675


CVE

CVE-2022-25597


TITLE

ASUSTeK Computer Inc. RT-AC86U firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-007786

DESCRIPTION

The LPD service on the ASUS RT-AC86U insufficiently filters special characters in user requests, which allows an unauthenticated LAN attacker to perform a command injection attack, execute arbitrary commands, and disrupt or terminate the service. The ASUSTeK Computer Inc. RT-AC86U firmware contains unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The ASUS RT-AC86U is a dual-band Wi-Fi router from ASUS China.

Trust: 2.16

sources: NVD: CVE-2022-25597 // JVNDB: JVNDB-2022-007786 // CNVD: CNVD-2022-31522

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-31522

AFFECTED PRODUCTS

vendor: asus
model: rt-ac86u
scope: eq
version: 3.0.0.4.386.45956

Trust: 1.6

vendor: asustek computer
model: rt-ac86u
scope: eq
version: -

Trust: 0.8

vendor: asustek computer
model: rt-ac86u
scope: eq
version: rt-ac86u firmware 3.0.0.4.386.45956

Trust: 0.8

vendor: asustek computer
model: rt-ac86u
scope: -
version: -

Trust: 0.8

sources: CNVD: CNVD-2022-31522 // JVNDB: JVNDB-2022-007786 // NVD: CVE-2022-25597

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-25597
value: HIGH

Trust: 1.0

twcert@cert.org.tw: CVE-2022-25597
value: HIGH

Trust: 1.0

NVD: CVE-2022-25597
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-31522
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202204-2606
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-25597
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-31522
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-25597
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-25597
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-31522 // JVNDB: JVNDB-2022-007786 // CNNVD: CNNVD-202204-2606 // NVD: CVE-2022-25597 // NVD: CVE-2022-25597

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-007786 // NVD: CVE-2022-25597

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202204-2606

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-2606

PATCH

title: Patch for ASUS RT-AC86U Command Injection Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/330251

Trust: 0.6

sources: CNVD: CNVD-2022-31522

EXTERNAL IDS

db: NVD
id: CVE-2022-25597

Trust: 3.8

db: JVNDB
id: JVNDB-2022-007786

Trust: 0.8

db: CNVD
id: CNVD-2022-31522

Trust: 0.6

db: CNNVD
id: CNNVD-202204-2606

Trust: 0.6

sources: CNVD: CNVD-2022-31522 // JVNDB: JVNDB-2022-007786 // CNNVD: CNNVD-202204-2606 // NVD: CVE-2022-25597

REFERENCES

url: https://www.twcert.org.tw/tw/cp-132-5794-09c33-1.html

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2022-25597

Trust: 1.4

url: https://cxsecurity.com/cveshow/cve-2022-25597/

Trust: 0.6

sources: CNVD: CNVD-2022-31522 // JVNDB: JVNDB-2022-007786 // CNNVD: CNNVD-202204-2606 // NVD: CVE-2022-25597

SOURCES

db: CNVD, id: CNVD-2022-31522
db: JVNDB, id: JVNDB-2022-007786
db: CNNVD, id: CNNVD-202204-2606
db: NVD, id: CVE-2022-25597

LAST UPDATE DATE

2024-11-23T22:40:29.430000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-31522, date: 2022-04-22T00:00:00
db: JVNDB, id: JVNDB-2022-007786, date: 2023-07-20T08:14:00
db: CNNVD, id: CNNVD-202204-2606, date: 2023-06-25T00:00:00
db: NVD, id: CVE-2022-25597, date: 2024-11-21T06:52:24.670

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-31522, date: 2022-04-21T00:00:00
db: JVNDB, id: JVNDB-2022-007786, date: 2023-07-20T00:00:00
db: CNNVD, id: CNNVD-202204-2606, date: 2022-04-07T00:00:00
db: NVD, id: CVE-2022-25597, date: 2022-04-07T19:15:08.860