Cyber Resilience

CVE-2023-39238

High

Published: 07 September 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0460 (89.5th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-39238 is a high-severity Use of Externally-Controlled Format String (CWE-134) vulnerability in ASUS RT-AX55 firmware. Its CVSS base score is 7.2 (High).

Operationally, it ranks in the top 10.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A format string vulnerability has been identified in ASUS RT-AX56U V2. It is caused by a lack of validation of a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privileges can exploit this vulnerability to perform remote arbitrary code execution or arbitrary system operations, or to disrupt service.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: asus, Product: rt-ax55 firmware, Version: 3.0.0.4.386_50460
Vendor: asus, Product: rt-ax56u v2 firmware, Version: 3.0.0.4.386_50460
Vendor: asus, Product: rt-ac86u firmware, Version: 3.0.0.4_386_51529

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References