1. Home
  2. CVE Database
  3. CVE-2022-26376
CRITICAL · 9.8

CVE-2022-26376

A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead...

Vulnerability Description

A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AsusAsuswrt< 3.0.0.4.386_48706
Asuswrt-MerlinNew Gen< 386.7
AsusXt8 Firmware< 3.0.0.4.386_48706
AsusXt8-
AsusTuf-Ax3000 V2 Firmware< 3.0.0.4.386_48750
AsusTuf-Ax3000 V2-
AsusXd4 Firmware< 3.0.0.4.386_48790
AsusXd4-
AsusEt12 Firmware< 3.0.0.4.386_48823
AsusEt12-
AsusGt-Ax6000 Firmware< 3.0.0.4.386_48823
AsusGt-Ax6000-
AsusXt12 Firmware< 3.0.0.4.386_48823
AsusXt12-
AsusRt-Ax58U Firmware< 3.0.0.4.386_48908
AsusRt-Ax58U-
AsusXt9 Firmware< 3.0.0.4.388_20027
AsusXt9-
AsusXd6 Firmware< 3.0.0.4.386_49356
AsusXd6-

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2022-26376?

CVE-2022-26376 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead...

How severe is CVE-2022-26376?

CVE-2022-26376 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-26376?

Check the references section above for vendor advisories and patch information. Affected products include: Asus Asuswrt, Asuswrt-Merlin New Gen, Asus Xt8 Firmware, Asus Xt8, Asus Tuf-Ax3000 V2 Firmware.