What is CVE-2022-25597?

CVE-2022-25597 is a high-severity vulnerability in Asus Rt-ac86u, classified under OS Command Injection. CVSS score: 8.8/10. Published 2022-04-07.

How severe is CVE-2022-25597?

High severity. CVSS v3 base score is 8.8 out of 10.

RCE in Asus Rt-ac86u

CVE-2022-25597

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate servic…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.002 (44.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Asus Rt-ac86u — versions 3.0.0.4.386.45956

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

www.twcert.org.tw/tw/cp-132-5794-09c33-1.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-25597?: CVE-2022-25597 is a high-severity vulnerability in Asus Rt-ac86u, classified under OS Command Injection. CVSS score: 8.8/10. Published 2022-04-07.
How severe is CVE-2022-25597?: High severity. CVSS v3 base score is 8.8 out of 10.