ID CVE-2022-26376
Summary A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:o:asus:asuswrt:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:asuswrt:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:asuswrt:3.0.0.4.378:*:*:*:*:*:*:*
    cpe:2.3:o:asus:asuswrt:3.0.0.4.378:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:asuswrt:3.0.0.4.380.7743:*:*:*:*:*:*:*
    cpe:2.3:o:asus:asuswrt:3.0.0.4.380.7743:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*
    cpe:2.3:o:asus:asuswrt:3.0.0.4.384.20308:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:asuswrt:3.0.0.4.384_10007:*:*:*:*:*:*:*
    cpe:2.3:o:asus:asuswrt:3.0.0.4.384_10007:*:*:*:*:*:*:*
  • cpe:2.3:o:asuswrt-merlin:new_gen:-:*:*:*:*:*:*:*
    cpe:2.3:o:asuswrt-merlin:new_gen:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:xt8_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:xt8_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:xt8:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:xt8:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:tuf-ax3000_v2_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:tuf-ax3000_v2_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:tuf-ax3000_v2:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:tuf-ax3000_v2:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:xd4_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:xd4_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:xd4:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:xd4:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:et12_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:et12_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:et12:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:et12:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:gt-ax6000_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:gt-ax6000_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:gt-ax6000:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:gt-ax6000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:xt12_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:xt12_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:xt12:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:xt12:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:rt-ax58u_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:rt-ax58u_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:rt-ax58u_firmware:3.0.0.4.386.46061:*:*:*:*:*:*:*
    cpe:2.3:o:asus:rt-ax58u_firmware:3.0.0.4.386.46061:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:rt-ax58u:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:xt9_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:xt9_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:xt9:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:xt9:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:xd6_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:xd6_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:xd6:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:xd6:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:gt-ax11000_pro_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:gt-ax11000_pro_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:gt-ax11000_pro:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:gt-ax11000_pro:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:gt-axe16000_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:gt-axe16000_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:gt-axe16000:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:gt-axe16000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:rt-ax86u_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:rt-ax86u_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:rt-ax86u_firmware:3.0.0.4.386.46061:*:*:*:*:*:*:*
    cpe:2.3:o:asus:rt-ax86u_firmware:3.0.0.4.386.46061:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:rt-ax86u:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:rt-ax86u:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:rt-ax68u_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:rt-ax68u_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:rt-ax68u_firmware:3.0.0.4.386.46061:*:*:*:*:*:*:*
    cpe:2.3:o:asus:rt-ax68u_firmware:3.0.0.4.386.46061:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:rt-ax68u:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:rt-ax68u:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:rt-ax82u_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:rt-ax82u_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:rt-ax82u_firmware:3.0.0.4.386.46061:*:*:*:*:*:*:*
    cpe:2.3:o:asus:rt-ax82u_firmware:3.0.0.4.386.46061:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:rt-ax82u:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:rt-ax82u:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:rt-ax56u_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:rt-ax56u_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:rt-ax56u_firmware:3.0.0.4.386.44266:*:*:*:*:*:*:*
    cpe:2.3:o:asus:rt-ax56u_firmware:3.0.0.4.386.44266:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:rt-ax56u_firmware:3.0.0.4.386.45898:*:*:*:*:*:*:*
    cpe:2.3:o:asus:rt-ax56u_firmware:3.0.0.4.386.45898:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:rt-ax56u_firmware:3.0.0.4.386.46061:*:*:*:*:*:*:*
    cpe:2.3:o:asus:rt-ax56u_firmware:3.0.0.4.386.46061:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:rt-ax56u:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:rt-ax55_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:rt-ax55_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:rt-ax55_firmware:3.0.0.4.386.46061:*:*:*:*:*:*:*
    cpe:2.3:o:asus:rt-ax55_firmware:3.0.0.4.386.46061:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:gt-ax11000_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:asus:gt-ax11000_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:asus:gt-ax11000_firmware:3.0.0.4.386.45898:*:*:*:*:*:*:*
    cpe:2.3:o:asus:gt-ax11000_firmware:3.0.0.4.386.45898:*:*:*:*:*:*:*
  • cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*
    cpe:2.3:h:asus:gt-ax11000:-:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 02-12-2022 - 20:08
Published 05-08-2022 - 22:15
Last modified 02-12-2022 - 20:08
Back to Top