Cyber Resilience

CVE-2022-26674

Critical

Published: 22 April 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0355 (88.0th percentile)
Risk Priority: 22 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-26674 is a critical-severity Use of Externally-Controlled Format String (CWE-134) vulnerability in ASUS RT-AX88U firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 12.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

ASUS RT-AX88U has a format string vulnerability, which allows an unauthenticated remote attacker to write to an arbitrary memory address and perform remote arbitrary code execution, perform arbitrary system operations, or disrupt service.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: asus
Product: rt-ax88u firmware
Affected versions: ≤ 3.0.0.4.386.46065

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.