CVE-2024-0401
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ASUS | ExpertWiFi | 0 < 3.0.0.6.102_44544 | affected |
| ASUS | RT-AX55 | 0 < 3.0.0.4.386_52303 | affected |
| ASUS | RT-AX58U | 0 < 3.0.0.4.388_24762 | affected |
| ASUS | RT-AC67U | 0 < 3.0.0.4.386_51685 | affected |
| ASUS | RT-AC68R | 0 < 3.0.0.4.386_51685 | affected |
| ASUS | RT-AC68U | 0 < 3.0.0.4.386_51685 | affected |
| ASUS | RT-AX86 Series | 0 < 3.0.0.4.388_24243 | affected |
| ASUS | RT-AC86U | 0 < 3.0.0.4.386_51925 | affected |
| ASUS | RT-AX88U | 0 < 3.0.0.4.388_24209 | affected |
| ASUS | RT-AX3000 | 0 < 3.0.0.4.388_24762 | affected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.