CVE-2022-25596

HIGH

ASUS RT-AC56U - Unauthenticated Heap-Based Buffer Overflow via Decryption Parameter

Title source: llm
STIX 2.1

Description

ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-5793-4f9d3-1.html

Scores

CVSS v3 8.8
EPSS 0.0010
EPSS Percentile 27.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
asus/rt-ac86u_firmware 3.0.0.4.386.45956
Published Apr 07, 2022
Tracked Since Feb 18, 2026