Sign-up

ID

VAR-202204-1734


CVE

CVE-2022-26674


TITLE

ASUSTeK Computer Inc.  of  RT-AX88U  Format string vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-008390

DESCRIPTION

ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service. ASUSTeK Computer Inc. of RT-AX88U A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ASUS RT-AX88U is a wireless router from China ASUS (ASUS)

Trust: 2.25

sources: NVD: CVE-2022-26674 // JVNDB: JVNDB-2022-008390 // CNVD: CNVD-2022-32819 // VULMON: CVE-2022-26674

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-32819

AFFECTED PRODUCTS

vendor:asusmodel:rt-ax88uscope:ltversion:3.0.0.4.386.46065

Trust: 1.0

vendor:asustek computermodel:rt-ax88uscope: - version: -

Trust: 0.8

vendor:asustek computermodel:rt-ax88uscope:eqversion: -

Trust: 0.8

vendor:asustek computermodel:rt-ax88uscope:eqversion:rt-ax88u firmware 3.0.0.4.386.46065

Trust: 0.8

vendor:asusmodel:rt-ax88uscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-32819 // JVNDB: JVNDB-2022-008390 // NVD: CVE-2022-26674

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26674
value: HIGH

Trust: 1.0

twcert@cert.org.tw: CVE-2022-26674
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-26674
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-32819
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202204-4258
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-26674
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-26674
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-32819
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

twcert@cert.org.tw: CVE-2022-26674
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-008390
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-32819 // VULMON: CVE-2022-26674 // JVNDB: JVNDB-2022-008390 // CNNVD: CNNVD-202204-4258 // NVD: CVE-2022-26674 // NVD: CVE-2022-26674

PROBLEMTYPE DATA

problemtype:CWE-134

Trust: 1.0

problemtype:Format string problem (CWE-134) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008390 // NVD: CVE-2022-26674

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-4258

TYPE

format string error

Trust: 0.6

sources: CNNVD: CNNVD-202204-4258

PATCH

title:Patch for ASUS RT-AX88U Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/331291

Trust: 0.6

title:ASUS RT-AX88U Fixes for formatting string error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191510

Trust: 0.6

sources: CNVD: CNVD-2022-32819 // CNNVD: CNNVD-202204-4258

EXTERNAL IDS

db:NVDid:CVE-2022-26674

Trust: 3.9

db:JVNDBid:JVNDB-2022-008390

Trust: 0.8

db:CNVDid:CNVD-2022-32819

Trust: 0.6

db:CS-HELPid:SB2022042604

Trust: 0.6

db:CNNVDid:CNNVD-202204-4258

Trust: 0.6

db:VULMONid:CVE-2022-26674

Trust: 0.1

sources: CNVD: CNVD-2022-32819 // VULMON: CVE-2022-26674 // JVNDB: JVNDB-2022-008390 // CNNVD: CNNVD-202204-4258 // NVD: CVE-2022-26674

REFERENCES

url:https://www.twcert.org.tw/tw/cp-132-6043-0f72c-1.html

Trust: 2.5

url:https://cxsecurity.com/cveshow/cve-2022-26674/

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26674

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022042604

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/134.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-32819 // VULMON: CVE-2022-26674 // JVNDB: JVNDB-2022-008390 // CNNVD: CNNVD-202204-4258 // NVD: CVE-2022-26674

SOURCES

db:CNVDid:CNVD-2022-32819
db:VULMONid:CVE-2022-26674
db:JVNDBid:JVNDB-2022-008390
db:CNNVDid:CNNVD-202204-4258
db:NVDid:CVE-2022-26674

LAST UPDATE DATE

2024-08-14T14:10:51.295000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-32819date:2022-04-27T00:00:00
db:VULMONid:CVE-2022-26674date:2022-05-04T00:00:00
db:JVNDBid:JVNDB-2022-008390date:2023-07-26T08:25:00
db:CNNVDid:CNNVD-202204-4258date:2022-05-06T00:00:00
db:NVDid:CVE-2022-26674date:2022-05-04T12:57:44.817

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-32819date:2022-04-27T00:00:00
db:VULMONid:CVE-2022-26674date:2022-04-22T00:00:00
db:JVNDBid:JVNDB-2022-008390date:2023-07-26T00:00:00
db:CNNVDid:CNNVD-202204-4258date:2022-04-22T00:00:00
db:NVDid:CVE-2022-26674date:2022-04-22T07:15:07.887