ASUS RT-AX56U's SQL Injection Vulnerability: Unauthenticated LAN Attackers Can Manipulate Database
CVE-2022-23972 · HIGH Severity
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.