cvedb.io
CVE-2021-40556
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2022-10-06T18:15:50.453 · Last modified 2026-06-17T04:07:07.530

Summary

A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication.

Affected products

asus — rt-ax56u_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when asus ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.