Security Advisory

CVE-2022-23971

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-04-07 18:22:26

Last updated 2024-09-17 04:04:05

Assigner twcert

State PUBLISHED

Description

ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption.

← Browse all CVEs View on cve.org ↗