CVE-2022-38105

Published: Jan 10, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.

Affected (1)

Products: Asus: Rt Ax82u Firmware

1 product

Rt Ax82u Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Rt Ax82u Firmware	Version 3.0.0.4.386_49674-ge182230

Running on/with	Platform Versions
Asus Rt Ax82u	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (3)

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1590

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1590

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1590

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.