← back
CVE-2024-28326

CVE-2024-28326

CVSS 6.8 MEDIUMEPSS 0.3%CWE-1263
In short

ASUS RT-N12+ B1 and RT-N12 D1 routers have a security flaw that allows someone with physical access to the UART interface to gain complete root control of the device. This matters because it exposes the router to full compromise if an attacker can physically access it.

Technical detail

Incorrect access control on the UART interface in ASUS RT-N12+ B1 and RT-N12 D1 routers permits local attackers with physical access to the serial port to obtain root terminal privileges. The vulnerability stems from insufficient authentication mechanisms protecting the UART debug interface, enabling arbitrary command execution with elevated privileges.

Summary generated and translated by AI from the official description.
Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://asus.comhttps://github.com/ShravanSinghRathore/ASUS-RT-N300-B1/wiki/Privilege-Escalation-CVE%E2%80%902024%E2%80%9028326