Main Vulnerability Database SB2023062012

SB2023062012 - Multiple vulnerabilities in ASUS Routers

Published: June 20, 2023

Security Bulletin ID SB2023062012

CSH Severity

High

Patch available

YES

Number of vulnerabilities 5

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 5 vulnerabilities.

1) OS Command Injection (CVE-ID: CVE-2023-28702)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Buffer overflow (CVE-ID: CVE-2022-46871)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libusrsctp. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) Out-of-bounds write (CVE-ID: CVE-2018-1160)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in dsi_opensess.c. A remote attacker can trigger an out-of-bounds write and crash the affected application or execute arbitrary code on the target system.

4) Out-of-bounds write (CVE-ID: CVE-2022-26376)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in the httpd unescape functionality. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.

5) Stack-based buffer overflow (CVE-ID: CVE-2023-28703)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the cgi function. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

Vulnerable Software

GS-AX3000: before 1.4.8.3
GT-AXE16000: before 3.0.0.4.388.23012
GS-AX5400: before 3.0.0.4.388.23012
GT6: before 3.0.0.4.388.23145
TUF-AX5400: before 3.0.0.4.388.23285
RT-AX82U: before 3.0.0.4.388.23285
RT-AX86S: before 3.0.0.4.388.23285
RT-AX86U: before 3.0.0.4.388.23285
RT-AX86U PRO: before 3.0.0.4.388.23285
ZenWiFi XT8_V2: before 3.0.0.4.388.23285
ZenWiFi XT8: before 3.0.0.4.388.23285
ZenWiFi XT9: before 3.0.0.4.388.23285
GT-AX11000: before 3.0.0.4.388.23285
GT-AX6000: before 3.0.0.4.388.23285
GT-AXE11000 PRO: before 3.0.0.4.388.23285
RT-AX58U: before 3.0.0.4.388.23403
RT-AX3000: before 3.0.0.4.388.23403
GT-AXE11000: before 3.0.0.4.388.23482
TUF-AX6000: before 3.0.0.4.388.31927

SB2023062012 - Multiple vulnerabilities in ASUS Routers

Breakdown by Severity

Description

Remediation

References

Please verify you're human