ASUS RT-AX56U's SQL Injection Vulnerability: Unauthenticated LAN Attackers Can Manipulate Database

ASUS RT-AX56U's SQL Injection Vulnerability: Unauthenticated LAN Attackers Can Manipulate Database

CVE-2022-23972 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.