CVE-2023-41349

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-134
View all →

Vulnerability Description

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.

Related Vulnerabilities

CVE-2014-8170

HIGH
CVSS:8.8(High)

ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, w...

CWE-1342014

CVE-2016-10773

HIGH
CVSS:8.8(High)

cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).

CWE-1342016

CVE-2016-5716

HIGH
CVSS:8.8(High)

The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.

CWE-1342016

CVE-2017-12702

HIGH
CVSS:8.8(High)

An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, wh...

CWE-1342017

CVE-2017-2403

HIGH
CVSS:8.8(High)

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbit...

CWE-1342017

CVE-2019-7228

HIGH
CVSS:8.8(High)

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sendi...

CWE-1342019