CVE-2022-25597
HIGH8.8CVSS v3
5.8CVSS v2
0.22%
EPSS (exploit probability)
CWE-78CWE
Description
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.
CVSS v3 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected routers (1)
| Vendor | Model | Matched via | Affected versions | Fixed in | Patch? |
|---|---|---|---|---|---|
| ASUS | ASUS RT-AC86U | — |
— | — | No |