Sign-up

ID

VAR-202309-0729


CVE

CVE-2023-39780


TITLE

ASUS RT-AX55 command injection vulnerability

Trust: 0.6

sources: CNVD: CNVD-2023-70089

DESCRIPTION

ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability. ASUS RT-AX55 is a dual-band Wi-Fi router from the Chinese company ASUS. This vulnerability is caused by the application's failure to properly filter special characters, commands, etc. in constructed commands. An attacker could exploit this vulnerability to cause arbitrary command execution

Trust: 1.53

sources: NVD: CVE-2023-39780 // CNVD: CNVD-2023-70089 // VULMON: CVE-2023-39780

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-70089

AFFECTED PRODUCTS

vendor:asusmodel:rt-ax55scope:eqversion:3.0.0.4.386.51598

Trust: 1.0

vendor:asusmodel:rt-ax55scope:eqversion:v3.0.0.4.386.51598

Trust: 0.6

sources: CNVD: CNVD-2023-70089 // NVD: CVE-2023-39780

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-39780
value: HIGH

Trust: 1.0

CNVD: CNVD-2023-70089
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-70089
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-39780
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2023-70089 // NVD: CVE-2023-39780

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

sources: NVD: CVE-2023-39780

EXTERNAL IDS

db:NVDid:CVE-2023-39780

Trust: 1.7

db:CNVDid:CNVD-2023-70089

Trust: 0.6

db:VULMONid:CVE-2023-39780

Trust: 0.1

sources: CNVD: CNVD-2023-70089 // VULMON: CVE-2023-39780 // NVD: CVE-2023-39780

REFERENCES

url:https://github.com/d2y6p/cve/blob/main/asus/cve-2023-39780/5/en.md

Trust: 1.1

url:https://github.com/d2y6p/cve/blob/main/asus/cve-2023-39780/1/en.md

Trust: 1.1

url:https://github.com/d2y6p/cve/blob/main/asus/cve-2023-39780/3/en.md

Trust: 1.1

url:https://github.com/d2y6p/cve/blob/main/asus/cve-2023-39780/6/en.md

Trust: 1.1

url:https://github.com/d2y6p/cve/blob/main/asus/cve-2023-39780/4/en.md

Trust: 1.1

url:https://github.com/d2y6p/cve/blob/main/asus/cve-2023-39780/2/en.md

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-39780

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-70089 // VULMON: CVE-2023-39780 // NVD: CVE-2023-39780

SOURCES

db:CNVDid:CNVD-2023-70089
db:VULMONid:CVE-2023-39780
db:NVDid:CVE-2023-39780

LAST UPDATE DATE

2024-08-14T14:30:17.598000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-70089date:2023-09-18T00:00:00
db:VULMONid:CVE-2023-39780date:2023-09-12T00:00:00
db:NVDid:CVE-2023-39780date:2023-09-14T17:43:36.990

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-70089date:2023-09-14T00:00:00
db:VULMONid:CVE-2023-39780date:2023-09-11T00:00:00
db:NVDid:CVE-2023-39780date:2023-09-11T19:15:43.190