CVE-2022-35401

Summary

An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability.

Affected Software

VendorProductVersion RangeStatus
AsusRT-AX82U3.0.0.4.386_49674-ge182230affected

Weaknesses

  • CWE-324: CWE-324: Use of a Key Past its Expiration Date

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References