| TVN ID | TVN-202202003 |
|---|---|
| CVE ID | CVE-2022-23972 |
| CVSS | 8.8 (High) CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | ASUS RT-AX56U firmware v3.0.0.4.386.45898 |
| Description | ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database. |
| Solution | Update ASUS RT-AX56U firmware version to 3.0.0.4.386.45934 |
| Credit | hanpeng (Cyber Kunlun Lab) |
| Public Date | 2022-03-02 |
:::