exploitDog

CVE-2022-22054

Опубликовано: 14 янв. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.

Ссылки

https://www.twcert.org.tw/tw/cp-132-5508-59251-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-5508-59251-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:asus:rt-ax56u_firmware:3.0.0.4.386.44266:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00103

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-564g-xwvc-g44q

github

около 4 лет назад

ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.

EPSS

Процентиль: 29%

0.00103

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-22

CWE-22