CVE-2022-23973 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2022-23973?

CVE-2022-23973 has a CVSS score of 8.8 (HIGH). This vulnerability allows unauthenticated attackers on the local network to execute arbitrary code on ASUS RT-AX56U routers by exploiting a stack-based buffer overflow in the user profile configuration function. Attackers can take full control of affected devices to perform malicious operations or disrupt services. Only ASUS RT-AX56U router users are affected.

📋 TL;DR

This vulnerability allows unauthenticated attackers on the local network to execute arbitrary code on ASUS RT-AX56U routers by exploiting a stack-based buffer overflow in the user profile configuration function. Attackers can take full control of affected devices to perform malicious operations or disrupt services. Only ASUS RT-AX56U router users are affected.

💻 Affected Systems

Products:

ASUS RT-AX56U

Versions: Firmware versions prior to 3.0.0.4.386.45956

Operating Systems: ASUSWRT firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Rt Ax56u Firmware by Asus

View all CVEs affecting Rt Ax56u Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise allowing attacker to intercept all network traffic, install persistent malware, pivot to other devices on the network, or permanently brick the device.

🟠

Likely Case

Router takeover leading to DNS hijacking, credential theft from network traffic, installation of backdoors, or denial of service.

🟢

If Mitigated

Limited impact if network segmentation isolates the router from critical systems and regular monitoring detects anomalous behavior.

🌐 Internet-Facing: LOW (Requires LAN access, not directly exploitable from internet)

🏢 Internal Only: HIGH (Exploitable by any device on the local network without authentication)

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires LAN access but no authentication. Public technical details available in CERT advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version 3.0.0.4.386.45956 or later

Vendor Advisory: https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS/

Restart Required: Yes

Instructions:

1. Log into router admin interface. 2. Navigate to Administration > Firmware Upgrade. 3. Download latest firmware from ASUS support site. 4. Upload and apply firmware update. 5. Reboot router after update completes.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate router management interface to separate VLAN or restrict access to trusted devices only

Disable Unnecessary Services

all

Disable remote management and any unused router features to reduce attack surface

🧯 If You Can't Patch

Replace router with patched model or different vendor
Implement strict network access controls to limit LAN devices that can communicate with router

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under Administration > Firmware Upgrade

Check Version:

Login to router web interface and check firmware version in System Status or Administration section

Verify Fix Applied:

Confirm firmware version is 3.0.0.4.386.45956 or higher in admin interface

📡 Detection & Monitoring

Log Indicators:

Multiple failed authentication attempts to router admin interface
Unusual process execution on router
Configuration changes from unknown IPs

Network Indicators:

Unusual outbound connections from router
DNS queries to suspicious domains from router
Port scanning originating from router

SIEM Query:

source="router_logs" AND (event_type="buffer_overflow" OR event_type="privilege_escalation" OR event_type="arbitrary_code_execution")

📊 Metadata

CVE ID: CVE-2022-23973

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: April 7, 2022

Last Updated: November 21, 2024

🔗 References

https://www.twcert.org.tw/tw/cp-132-5787-b0e64-1.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-5787-b0e64-1.html Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-23973, you might also want to check these: