CVE-2023-39780
CVE-2023-39780
In short
An authenticated attacker can run arbitrary commands on an ASUS RT-AX55 router by sending a specially crafted request to a web interface parameter. This allows complete control over the device.
Technical detail
OS command injection vulnerability in the /start_apply.htm endpoint via the qos_bw_rulelist parameter on ASUS RT-AX55 3.0.0.4.386.51598. Requires prior authentication but allows unauthenticated remote code execution after initial access. Impact includes full device compromise and network control.
Summary generated and translated by AI from the official description.
On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347; and for the similar "code-authentication module" issue, see CVE-2023-41348.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
ASUS · RT-AX55Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/1/EN.mdhttps://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/2/EN.mdhttps://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/3/EN.mdhttps://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/4/EN.mdhttps://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/5/EN.mdhttps://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/6/EN.mdhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-39780https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers