CVE-2023-35087 in RT-AX56U V2info

Summary

by MITRE • 07/21/2023

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/21/2023

The vulnerability identified as CVE-2023-35087 represents a critical format string vulnerability within the ASUS RT-AX56U V2 and RT-AC86U router models, specifically affecting firmware versions 3.0.0.4.386_50460 and 3.0.0.4_386_51529 respectively. This flaw exists within the AiMesh system's ccm_processREQ_CHANGED_CONFIG function where the cm_processChangedConfigMsg routine fails to properly validate input parameters, creating a dangerous condition that allows attackers to manipulate memory through crafted format specifiers. The vulnerability stems from insufficient input sanitization in the configuration processing pipeline, which directly violates security principles outlined in CWE-134, which specifically addresses format string vulnerabilities where user-supplied data is used as format strings without proper validation or sanitization. The implications of this weakness extend beyond simple data corruption, as it enables an unauthenticated remote attacker to execute arbitrary code on the affected devices, fundamentally compromising the integrity and confidentiality of the network infrastructure.

The technical exploitation of this vulnerability occurs through the manipulation of configuration messages within the AiMesh system, where the lack of input validation allows attackers to inject malicious format specifiers that can trigger buffer overflows or memory corruption. This type of vulnerability falls under the ATT&CK framework's technique T1059.007 for command and scripting interpreter, specifically targeting the use of format string vulnerabilities for code execution. The attacker can leverage this weakness to perform arbitrary system operations, including but not limited to executing shell commands, modifying system configurations, or even installing persistent backdoors on the affected routers. The vulnerability's remote nature means that attackers do not require physical access or local network privileges to exploit the flaw, making it particularly dangerous for enterprise and home network environments where such devices are often deployed without adequate security monitoring or network segmentation. The impact extends to service disruption as attackers can potentially cause denial of service conditions by corrupting critical system memory structures or by executing malicious code that consumes system resources.

The operational impact of CVE-2023-35087 is severe for organizations and individuals relying on these ASUS router models, as it provides a complete compromise of the network gateway device. Once exploited, attackers gain full control over the affected router's functionality, enabling them to monitor network traffic, redirect requests to malicious sites, or establish persistent access points within the network. The vulnerability's presence in the AiMesh system architecture means that even if individual devices are not directly compromised, the entire mesh network can be compromised through a single vulnerable node. Network administrators should consider implementing immediate mitigations including firmware updates from ASUS, network segmentation to isolate affected devices, and enhanced monitoring for unusual network behavior patterns. The vulnerability's classification under CWE-134 and its exploitation techniques align with ATT&CK's T1021.001 for remote services, indicating that organizations must review their network security posture and implement proper access controls and network monitoring to detect potential exploitation attempts. Given the nature of the vulnerability, it is recommended that all affected devices be taken offline immediately until proper security patches are applied and network configurations are verified to prevent unauthorized access to critical network infrastructure.

Responsible

TWCERT/CC

Reservation

06/13/2023

Disclosure

07/21/2023

Moderation

accepted

CPE

ready

EPSS

0.00890

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!