cvedb.io
CVE-2022-25597
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2022-04-07T19:15:08.860 · Last modified 2026-06-17T04:33:44.340

Summary

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.

Affected products

asus — rt-ac86u_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when asus ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.