CVE-2024-12912 | THREATINT

Description

An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.

Reserved 2024-12-24 | Published 2025-01-02 | Updated 2025-01-06 | Assigner ASUS

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-20 Improper Input Validation

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status

unaffected

3.0.0.4_382 series

affected

3.0.0.4_386 series

affected

3.0.0.4_388 series

affected

3.0.0.6_102 series

affected

References

www.asus.com/content/asus-product-security-advisory/

cve.org (CVE-2024-12912)

nvd.nist.gov (CVE-2024-12912)

Download JSON