Improper Physical Access Control

CVE-2024-28326

Medium

6.8/10

Summary

Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface.

Attack Complexity: LOW
Attack Vector: PHYSICAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1263 - Improper Physical Access Control

The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to these areas.

References

Advisory Timeline

Published Apr 26, 2024

Improper Physical Access Control

CVE-2024-28326

Summary

CWE-1263 - Improper Physical Access Control

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS