| |
Vulnerability CVE-2022-25597
Published: 2022-04-07
| Description: |
ASUS RT-AC86U??s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service. |
Type:
CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
)
CVSS2 => (AV:A/AC:L/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5.8/10 |
6.4/10 |
6.5/10 |
| Exploit range |
Attack complexity |
Authentication |
Adjacent network |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://www.twcert.org.tw/tw/cp-132-5794-09c33-1.html
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
