CVE-2023-39240

It is identified a format string vulnerability in ASUS RT-AX56U V2s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
twcertCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
asusrt-ax55_firmware
3.0.0.4.386_50460:_50460
asusrt-ax56u_v2_firmware
3.0.0.4.386_50460:_50460
asusrt-ac86u_firmware
3.0.0.4_386_51529:_386_51529
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.twcert.org.tw/tw/cp-132-7356-021bf-1.html
https://www.twcert.org.tw/tw/cp-132-7356-021bf-1.html