CVE-2023-35086
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Jul 21, 2023
Updated: Mar 27, 2024
CWE ID 134
Summary
CVE-2023-35086 is a format string vulnerability affecting the ASUS RT-AX56U V2 and RT-AC86U routers. The flaw resides in the logmessage_normal function of the do_detwan_cgi module in httpd. An attacker with administrator privileges can manipulate input as a format string, leading to remote arbitrary code execution, arbitrary system operations, or denial-of-service attacks. This vulnerability affects RT-AX56U V2 with firmware version 3.0.0.4.386_50460 and RT-AC86U with firmware version 3.0.0.4_386_51529.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- ASUS
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
Note: This is just a basic overview providing quick insights into CVE-2023-35086 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions