CVE-2023-41349 HIGH

CVE-2023-41349: ASUS RT-AX88U - externally-controlled format string

Vendor Asus
Product RT-AX88U
Weakness CWE-134
Published September 18, 2023
Last update September 25, 2024

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.

Key dates

02Disclosure timeline

September 18, 2023 CVE published
September 25, 2024 Record updated