CVE-2022-26674 The RT-AX88U has a format string vulnerability. An attacker can write to an arbitrary memory address and perform remote arbitrary code execution, perform arbitrary system operations, or disrupt service.

An attacker can send a specially crafted HTML email to the targeted system; when the system processes this email, the result is remote code execution, arbitrary system operation, or disruption of service. The attacker must be able to send a specially crafted HTML email or have valid remote access to the targeted system. The vulnerability exists because of insecure handling of a format string. It is remotely exploitable, with remote code execution.
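The root cause named above, insecure handling of a format string, shown as an added example (not code from the RT-AX88U firmware or from the original page): the vulnerable call pattern beside its hardened form, plus a small input check a defender could run on untrusted text. All function names and the sample string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* VULNERABLE pattern: untrusted text is used as the format string itself.
 * Compilers flag this with -Wformat-security; silenced here on purpose. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int render_unsafe(char *out, size_t n, const char *untrusted) {
    return snprintf(out, n, untrusted);
}
#pragma GCC diagnostic pop

/* HARDENED pattern: constant format, untrusted text is only ever data. */
int render_safe(char *out, size_t n, const char *untrusted) {
    return snprintf(out, n, "%s", untrusted);
}

/* Detection helper: count '%' directives in untrusted input, ignoring the
 * literal "%%" escape. Nonzero means the text would be interpreted, not
 * just copied, if it ever reached a format parameter. */
size_t count_directives(const char *s) {
    size_t hits = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent sign */
        hits++;
    }
    return hits;
}

int main(void) {
    /* Constructed sample: "%%" consumes no arguments, so the unsafe call is
     * well-defined here while still showing that the input gets parsed. */
    const char *sample = "Discount: 50%% off";
    char a[64], b[64];
    render_unsafe(a, sizeof a, sample);
    render_safe(b, sizeof b, sample);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    printf("directives in \"%%d items\": %zu\n", count_directives("%d items"));
    return 0;
}
```

The unsafe variant rewrites the input because the formatter parses it; the safe variant copies it byte for byte, which is the property the fix must guarantee for every untrusted string.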

Vulnerability Scenario

A company, ABC Software Inc., is a customer of a hosting provider. They are sending malicious emails to their clients and the hosting provider's servers. The email takes the following form:

"Dear Customer,

We regret to inform you that your access to our website will be withheld until you have successfully completed this form."

The HTML code has been designed so that, when the system processes this email, it results in remote code execution.
