What is CVE-2022-35401?

CVE-2022-35401 is a critical-severity vulnerability in Asus Rt-ax82u, classified under Use of a Key Past its Expiration Date. CVSS score: 9.0/10. Published 2023-01-10.

How severe is CVE-2022-35401?

Critical severity. CVSS v3 base score is 9.0 out of 10.

Is CVE-2022-35401 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Asus Rt-ax82u

CVE-2022-35401

An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would ne…

EPSS: 0.001 (21.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Asus Rt-ax82u — versions 3.0.0.4.386_49674-ge182230

Weakness classification (CWE)

CWE-324 — Use of a Key Past its Expiration Date

Public proof-of-concept exploits

karimhabush/cyberowl

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1586

Frequently asked questions

What is CVE-2022-35401?: CVE-2022-35401 is a critical-severity vulnerability in Asus Rt-ax82u, classified under Use of a Key Past its Expiration Date. CVSS score: 9.0/10. Published 2023-01-10.
How severe is CVE-2022-35401?: Critical severity. CVSS v3 base score is 9.0 out of 10.
Is CVE-2022-35401 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.