Release ASUS GT-AX6000 Firmware version 3.0.0.4.386.48823 (2022/05/16)

visortgw

Very Senior Member

forumuser92349234

New Around Here
After checking what those CVEs are it looks like CVE-2022-26674 is 9.8 and allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.

It sounds exactly like exploit needed for those cyclop blink guys to get into our equipment.

So my question is if i have all ports closed, remote administration disabled is there a chance this exploit could affect me?

Also second vulnerability is XSS attack CVE-2022-26673.


Explain to me if this CVE-2022-26674 is dangerous. For example i visit a website attacker gets my ip address but my router has all ports closed and web administration disabled. Is there a chance this exploit can grant access to my router?
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top