CVE-2022-22054
MEDIUMASUS RT-AX56U Firmware - Unauthenticated Path Traversal via URL Parameter
Title source: llmDescription
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-5508-59251-1.html
Scores
CVSS v3
6.5
EPSS
0.0010
EPSS Percentile
27.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
asus/rt-ax56u_firmware
3.0.0.4.386.44266
Published
Jan 14, 2022
Tracked Since
Feb 18, 2026