Sign-up

ID

VAR-202307-2004


CVE

CVE-2023-35086


TITLE

ASUSTeK Computer Inc.  of  RT-AC86U  firmware and  RT-AX56U_V2  Format string vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-020955

DESCRIPTION

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529. ASUSTeK Computer Inc. of RT-AC86U firmware and RT-AX56U_V2 A format string vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-35086 // JVNDB: JVNDB-2023-020955 // VULMON: CVE-2023-35086

AFFECTED PRODUCTS

vendor:asusmodel:rt-ax56u v2scope:eqversion:3.0.0.4.386_50460

Trust: 1.0

vendor:asusmodel:rt-ac86uscope:eqversion:3.0.0.4_386_51529

Trust: 1.0

vendor:asustek computermodel:rt-ac86uscope: - version: -

Trust: 0.8

vendor:asustek computermodel:rt-ax56u v2scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-020955 // NVD: CVE-2023-35086

CVSS

SEVERITY

CVSSV2

CVSSV3

twcert@cert.org.tw: CVE-2023-35086
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-020955
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202307-1796
value: CRITICAL

Trust: 0.6

twcert@cert.org.tw: CVE-2023-35086
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-020955
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-020955 // CNNVD: CNNVD-202307-1796 // NVD: CVE-2023-35086

PROBLEMTYPE DATA

problemtype:CWE-134

Trust: 1.0

problemtype:Format string problem (CWE-134) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-020955 // NVD: CVE-2023-35086

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202307-1796

TYPE

format string error

Trust: 0.6

sources: CNNVD: CNNVD-202307-1796

PATCH

title:ASUS RT-AX56U Fixes for formatting string error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=247068

Trust: 0.6

sources: CNNVD: CNNVD-202307-1796

EXTERNAL IDS

db:NVDid:CVE-2023-35086

Trust: 3.3

db:JVNDBid:JVNDB-2023-020955

Trust: 0.8

db:CNNVDid:CNNVD-202307-1796

Trust: 0.6

db:VULMONid:CVE-2023-35086

Trust: 0.1

sources: VULMON: CVE-2023-35086 // JVNDB: JVNDB-2023-020955 // CNNVD: CNNVD-202307-1796 // NVD: CVE-2023-35086

REFERENCES

url:https://www.twcert.org.tw/tw/cp-132-7240-a5f96-1.html

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-35086

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-35086/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/134.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-35086 // JVNDB: JVNDB-2023-020955 // CNNVD: CNNVD-202307-1796 // NVD: CVE-2023-35086

SOURCES

db:VULMONid:CVE-2023-35086
db:JVNDBid:JVNDB-2023-020955
db:CNNVDid:CNNVD-202307-1796
db:NVDid:CVE-2023-35086

LAST UPDATE DATE

2024-08-14T15:41:40.042000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-35086date:2023-07-21T00:00:00
db:JVNDBid:JVNDB-2023-020955date:2024-05-31T05:31:00
db:CNNVDid:CNNVD-202307-1796date:2023-07-24T00:00:00
db:NVDid:CVE-2023-35086date:2024-03-27T08:15:37.173

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-35086date:2023-07-21T00:00:00
db:JVNDBid:JVNDB-2023-020955date:2024-01-18T00:00:00
db:CNNVDid:CNNVD-202307-1796date:2023-07-21T00:00:00
db:NVDid:CVE-2023-35086date:2023-07-21T07:15:10.143