go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center


ASUS RT-AX88U - externally-controlled format string

TVN ID TVN-202309010
CVE ID CVE-2023-41349
CVSS 8.8 (High)
Affected Products RT-AX88U: prior to
Description ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute a externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.
Solution Update version to
Public Date 2023-09-20