CVE-2024-1655

HIGH

ASUS WiFi Routers - Command Injection

Title source: llm

Description

Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request.

Exploits (1)

nomisec WORKING POC 1 stars

by lnversed · poc

https://github.com/lnversed/CVE-2024-1655

View Code ZIP pw:eip

References (1)

[Various Sources] https://www.twcert.org.tw/tw/cp-132-7737-1acd0-1.html

Scores

CVSS v3 8.8

EPSS 0.1465

EPSS Percentile 94.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (3)

ASUS/ExpertWiFi EBM63 earlier - 3.0.0.6.102_32645

ASUS/ExpertWiFi EBM68 earlier - 3.0.0.6.102_44384

ASUS/RT-AX57 Go earlier - 3.0.0.6.102_22188

Published Apr 15, 2024

Tracked Since Feb 18, 2026