{"vulnerability": "cve-2023-39239", "sightings": [{"uuid": "bc045e1b-8e42-49ac-a28d-dc4cb2fb11cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39239", "type": "seen", "source": "https://t.me/Russian_OSINT/2996", "content": "\u041c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u044b ASUS RT-AX55, RT-AX56U_V2 \u0438 RT-AC86U \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u2194\ufe0f3 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0437\u0430\u0432\u043b\u0430\u0434\u0435\u0442\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438.\n\n1\ufe0f\u20e3CVE-2023-39238 (CVSS 9.8)\n2\ufe0f\u20e3CVE-2023-39239 (CVSS 9.8)\n3\ufe0f\u20e3CVE-2023-39240 (CVSS 9.8)\n\nhttps://securityaffairs.com/150399/iot/asus-routers-critical-rces.html\n\n\ud83d\udee1 \u041f\u043e\u0434\u043f\u0438\u0441\u0430\u0442\u044c\u0441\u044f @Russian_OSINT", "creation_timestamp": "2023-09-06T10:16:19.000000Z"}, {"uuid": "680f31eb-fdc2-48b3-9b18-161c960b6fcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39239", "type": "seen", "source": "https://t.me/cibsecurity/70052", "content": "\u203c CVE-2023-39239 \u203c\n\nIt is identified a format string vulnerability in ASUS RT-AX56U V2\u00e2\u20ac\u2122s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-07T12:18:33.000000Z"}]}