Sign-up

ID

VAR-202309-0563


CVE

CVE-2023-38031


DESCRIPTION

ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services

Trust: 0.99

sources: NVD: CVE-2023-38031 // VULMON: CVE-2023-38031

AFFECTED PRODUCTS

vendor:asusmodel:rt-ac86uscope:eqversion:3.0.0.4_386_51529

Trust: 1.0

sources: NVD: CVE-2023-38031

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-38031
value: HIGH

Trust: 1.0

twcert@cert.org.tw: CVE-2023-38031
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2023-38031
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: NVD: CVE-2023-38031 // NVD: CVE-2023-38031

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

sources: NVD: CVE-2023-38031

EXTERNAL IDS

db:NVDid:CVE-2023-38031

Trust: 1.1

db:VULMONid:CVE-2023-38031

Trust: 0.1

sources: VULMON: CVE-2023-38031 // NVD: CVE-2023-38031

REFERENCES

url:https://www.twcert.org.tw/tw/cp-132-7348-56989-1.html

Trust: 1.1

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-38031 // NVD: CVE-2023-38031

SOURCES

db:VULMONid:CVE-2023-38031
db:NVDid:CVE-2023-38031

LAST UPDATE DATE

2024-08-14T14:36:36.993000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-38031date:2023-09-07T00:00:00
db:NVDid:CVE-2023-38031date:2023-09-12T20:45:43.417

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-38031date:2023-09-07T00:00:00
db:NVDid:CVE-2023-38031date:2023-09-07T04:15:10.273