CVE-2024-26342
Published: 28 February 2024
Summary
CVE-2024-26342 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Asus 4G-Ac68U Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Denial of Service (T1498); ranked in the top 32.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-23611
Vulnerability details
A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Null pointer dereference in httpd allows remote attackers to crash the service via crafted network packet, enabling Network Denial of Service (T1498) and Endpoint Denial of Service via application exploitation (T1499.004).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.