CVE-2021-40556

Published: Oct 6, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication.

Affected (1)

Products: Asus: Rt Ax56u Firmware

1 product

Rt Ax56u Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Rt Ax56u Firmware	Version 3.0.0.4.386.44266

Running on/with	Platform Versions
Asus Rt Ax56u	All versions

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://www.asus.com/tw/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/

Source: cve@mitre.org

ProductVendor Advisory

https://x1ng.top/2021/10/14/ASUS%E6%A0%88%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.asus.com/tw/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

https://x1ng.top/2021/10/14/ASUS%E6%A0%88%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.