CVE-2023-38031 - Vulnerability Details - OpenCVE

ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01095.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Asus	Rt-ac86u Rt-ac86u Firmware

Configuration 1 [-]

AND

cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-41858	ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

Fixes

Solution

Update to 3.0.0.4.386_51915

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.twcert.org.tw/tw/cp-132-7348-56989-1.html

History

Thu, 26 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2023-09-07T03:24:38.199Z

Updated: 2024-09-26T19:27:07.193Z

Reserved: 2023-07-12T00:37:03.717Z

Link: CVE-2023-38031

Vulnrichment

Updated: 2024-08-02T17:30:13.553Z

NVD

Status : Modified

Published: 2023-09-07T04:15:10.273

Modified: 2024-11-21T08:12:42.693

Link: CVE-2023-38031

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38031", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2023-07-12T00:37:03.717Z", "datePublished": "2023-09-07T03:24:38.199Z", "dateUpdated": "2024-09-26T19:27:07.193Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": " RT-AC86U", "vendor": "ASUS", "versions": [{"status": "affected", "version": "3.0.0.4.386.51529"}]}], "datePublic": "2023-09-15T01:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<table><tbody><tr><td><p>ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.</p></td></tr></tbody></table>\n\n"}], "value": "\nASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-09-07T03:24:38.199Z"}, "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7348-56989-1.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nUpdate to 3.0.0.4.386_51915\n\n<br>"}], "value": "\nUpdate to\u00a03.0.0.4.386_51915\n\n\n"}], "source": {"advisory": "TVN-202309002", "discovery": "EXTERNAL"}, "title": "ASUS RT-AC86U - Command injection vulnerability - 1", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:30:13.553Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7348-56989-1.html", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "asus", "product": "rt-ac86u", "cpes": ["cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0.0.4.386.51529", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T19:26:22.655251Z", "id": "CVE-2023-38031", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T19:27:07.193Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7348-56989-1.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:30:13.553Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38031", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-26T19:26:22.655251Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*"], "vendor": "asus", "product": "rt-ac86u", "versions": [{"status": "affected", "version": "3.0.0.4.386.51529"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T19:27:01.692Z"}}], "cna": {"title": "ASUS RT-AC86U - Command injection vulnerability - 1", "source": {"advisory": "TVN-202309002", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ASUS", "product": " RT-AC86U", "versions": [{"status": "affected", "version": "3.0.0.4.386.51529"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nUpdate to\u00a03.0.0.4.386_51915\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nUpdate to 3.0.0.4.386_51915\n\n<br>", "base64": false}]}], "datePublic": "2023-09-15T01:00:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7348-56989-1.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<table><tbody><tr><td><p>ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.</p></td></tr></tbody></table>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-09-07T03:24:38.199Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38031", "state": "PUBLISHED", "dateUpdated": "2024-09-26T19:27:07.193Z", "dateReserved": "2023-07-12T00:37:03.717Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2023-09-07T03:24:38.199Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:*", "matchCriteriaId": "E3A1AA3F-0CCF-41B0-B8D7-2D72D82C0261", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*", "matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.\n\n\n\n"}, {"lang": "es", "value": "La funci\u00f3n Adaptive Qos - Web History de ASUS RT-AC86U tiene un filtrado insuficiente de caracteres especiales. Un atacante remoto con privilegios de usuario normal puede aprovechar esta vulnerabilidad para realizar un ataque de inyecci\u00f3n de comandos para ejecutar comandos arbitrarios, interrumpir el sistema o terminar servicios."}], "id": "CVE-2023-38031", "lastModified": "2024-11-21T08:12:42.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-07T04:15:10.273", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7348-56989-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7348-56989-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}