Use of a Key Past its Expiration Date

CVE-2022-35401

High

8.1/10

Summary

An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-324 - Use of a Key Past its Expiration Date

The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

References

Advisory Timeline

Published Jan 10, 2023

Use of a Key Past its Expiration Date

CVE-2022-35401

Summary

CWE-324 - Use of a Key Past its Expiration Date

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS