CVE-2023-41347 – This vulnerability in ASUS RT-AX55 routers allo... (How to Fix)

Q: What is the severity of CVE-2023-41347?

CVE-2023-41347 has a CVSS score of 8.8 (HIGH). This vulnerability in ASUS RT-AX55 routers allows authenticated remote attackers to inject malicious commands through insufficient filtering of special characters in the authentication token module. Attackers can execute arbitrary commands, disrupt services, or take control of affected devices. Only ASUS RT-AX55 router users are affected.

📋 TL;DR

This vulnerability in ASUS RT-AX55 routers allows authenticated remote attackers to inject malicious commands through insufficient filtering of special characters in the authentication token module. Attackers can execute arbitrary commands, disrupt services, or take control of affected devices. Only ASUS RT-AX55 router users are affected.

💻 Affected Systems

Products:

ASUS RT-AX55

Versions: All versions prior to patched firmware

Operating Systems: ASUSWRT firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects routers with web interface enabled and default authentication settings.

📦 What is this software?

Rt Ax55 Firmware by Asus

View all CVEs affecting Rt Ax55 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to install persistent backdoors, intercept network traffic, pivot to internal networks, or brick the device.

🟠

Likely Case

Attacker gains shell access to execute commands, potentially installing malware, modifying configurations, or disrupting network services.

🟢

If Mitigated

Limited impact with proper network segmentation, strong authentication, and monitoring preventing successful exploitation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires authenticated access but command injection is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check ASUS support for latest firmware

Vendor Advisory: https://www.asus.com/support/

Restart Required: Yes

Instructions:

1. Log into router admin interface. 2. Navigate to Administration > Firmware Upgrade. 3. Check for updates. 4. Download and install latest firmware. 5. Reboot router.

🔧 Temporary Workarounds

Disable remote administration

all

Prevents external attackers from accessing the vulnerable interface

Use strong authentication

all

Implement complex passwords and multi-factor authentication if supported

🧯 If You Can't Patch

Segment router on isolated network segment
Implement strict firewall rules limiting access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under Administration > Firmware Upgrade

Check Version:

Login to router web interface and check firmware version

Verify Fix Applied:

Verify firmware version matches latest patched version from ASUS support site

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Multiple authentication attempts
Suspicious POST requests to authentication endpoints

Network Indicators:

Unusual outbound connections from router
Traffic to known malicious IPs from router

SIEM Query:

source="router_logs" AND (command="*;*" OR command="*|*" OR command="*`*" OR command="*$(*")

📊 Metadata

CVE ID: CVE-2023-41347

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

Published: November 3, 2023

Last Updated: November 21, 2024

🔗 References

https://www.twcert.org.tw/tw/cp-132-7498-18012-1.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7498-18012-1.html Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-41347, you might also want to check these: