CVE-2022-25597 HIGH

CVE-2022-25597: ASUS RT-AC86U - Command Injection

Vendor Asus
Product RT-AC86U
Weakness CWE-78
Published April 7, 2022
Last update September 16, 2024

CVSS base score

8.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.

Key dates

02Disclosure timeline

April 7, 2022 CVE published
September 16, 2024 Record updated