CVE-2024-3912

Published: Jun 14, 2024Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: twcert@cert.org.tw (Secondary)

Description

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html

Source: twcert@cert.org.tw

https://www.twcert.org.tw/tw/cp-132-7875-872d3-1.html

Source: twcert@cert.org.tw

https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.twcert.org.tw/tw/cp-132-7875-872d3-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.