OpenCVE

An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Asus	Rt-ax82u Rt-ax82u Firmware

Configuration 1 [-]

AND

cpe:2.3:o:asus:rt-ax82u_firmware:3.0.0.4.386_49674-ge182230:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ax82u:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1590
https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1590

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2023-01-10T20:44:26.241Z

Updated: 2024-08-03T10:45:52.594Z

Reserved: 2022-08-16T19:10:26.597Z

Link: CVE-2022-38105

Vulnrichment

Updated: 2024-08-03T10:45:52.594Z

NVD

Status : Modified

Published: 2023-01-10T21:15:11.883

Modified: 2024-11-21T07:15:48.197

Link: CVE-2022-38105

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-38105", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2022-08-16T19:10:26.597Z", "datePublished": "2023-01-10T20:44:26.241Z", "dateUpdated": "2024-08-03T10:45:52.594Z"}, "containers": {"cna": {"affected": [{"vendor": "Asus", "product": "RT-AX82U", "versions": [{"version": "3.0.0.4.386_49674-ge182230", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "type": "CWE", "cweId": "CWE-119"}]}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2023-01-10T20:44:26.241Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1590", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1590"}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1590"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1590", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1590", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:45:52.594Z"}}, {"affected": [{"vendor": "asus", "product": "rt-ax82u_firmware", "cpes": ["cpe:2.3:o:asus:rt-ax82u_firmware:3.0.0.4.386_49674-ge182230:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0.0.4.386_49674-ge182230", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T18:48:30.537076Z", "id": "CVE-2022-38105", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T18:50:02.295Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1590"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1590", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1590", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:45:52.594Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-38105", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-01T18:48:30.537076Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:asus:rt-ax82u_firmware:3.0.0.4.386_49674-ge182230:*:*:*:*:*:*:*"], "vendor": "asus", "product": "rt-ax82u_firmware", "versions": [{"status": "affected", "version": "3.0.0.4.386_49674-ge182230"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T18:49:58.342Z"}}], "cna": {"metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Asus", "product": "RT-AX82U", "versions": [{"status": "affected", "version": "3.0.0.4.386_49674-ge182230"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1590", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1590"}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2023-01-10T20:44:26.241Z"}}}, "cveMetadata": {"cveId": "CVE-2022-38105", "state": "PUBLISHED", "dateUpdated": "2024-08-03T10:45:52.594Z", "dateReserved": "2022-08-16T19:10:26.597Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2023-01-10T20:44:26.241Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax82u_firmware:3.0.0.4.386_49674-ge182230:*:*:*:*:*:*:*", "matchCriteriaId": "937FDD30-F46D-4E79-AD45-DE76957EF3D4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax82u:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D118305-CAFD-425F-8352-3B241D2E7702", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el c\u00f3digo de operaci\u00f3n cm_processREQ_NC del servicio de configuraci\u00f3n de los router Asus RT-AX82U 3.0.0.4.386_49674-ge182230. Los paquetes de red especialmente manipulados pueden dar lugar a la divulgaci\u00f3n de informaci\u00f3n confidencial. Un atacante puede enviar una solicitud de red para desencadenar esta vulnerabilidad."}], "id": "CVE-2022-38105", "lastModified": "2024-11-21T07:15:48.197", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-10T21:15:11.883", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1590"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1590"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1590"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}