CVE-2022-23970


CVE-2022-23970 is a disclosure identifier tied to a security vulnerability with the following details.

Published on: Not Yet Published
Last Modified on: 04/14/2022 08:42:00 PM UTC
CVE-2022-23970 - advisory for TVN-202202001
Source: Mitre
Source: Nist

Certain versions of Rt-ax56u from Asus contain the following vulnerability: ASUS RT-AX56U's update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption.

CVE-2022-23970 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

Affected Vendor/Software: ASUS - RT-AX56U version = 3.0.0.4.386.45898

CVSS3 Score: 8.1 - HIGH
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2 Score: 4.8 - MEDIUM
Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

CVE References
Description: TWCERT/CC Taiwan Computer Emergency Response Team / Coordination Center | Enterprise Security Incident Reporting Assistance | Security Intelligence Sharing | Vulnerability Reporting | Security Alliance | Security E-Newsletter - ASUS RT-AX56U - Path Traversal
Tags: text/html, MISC
Link: www.twcert.org.tw/tw/cp-132-5784-68aa3-1.html

There are currently no QIDs associated with this CVE.

Known Affected Configurations (CPE V2.3)
Hardware: Vendor Asus, Product Rt-ax56u, Version -, Update All, Edition All, Language All
Operating System: Vendor Asus, Product Rt-ax56u Firmware, Version 3.0.0.4.386.45898, Update All, Edition All, Language All
cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*:
cpe:2.3:o:asus:rt-ax56u_firmware:3.0.0.4.386.45898:*:*:*:*:*:*:*:

Discovery Credit: hanpeng (CyberKunlunLab)

Social Mentions
Source: @CVEreport, Title: CVE-2022-23970 : ASUS RT-AX56U's update_json function has a path traversal vulnerability due to insufficient filter… twitter.com/i/web/status/1…, Posted (UTC): 2022-04-07 18:32:44
Source: /r/netcve, Title: CVE-2022-23970, Posted (UTC): 2022-04-07 19:40:26


