CVE-2023-31889 : An issue discovered in httpd in ASUS RT-AC51U with firmware version up to and in

An issue discovered in httpd in ASUS RT-AC51U with firmware version up to and including 3.0.0.4.380.8591 allows local attackers to cause a denial of service via crafted GET request.

Published 2024-04-29 21:15:47

Updated 2024-07-03 01:39:57

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2023-31889

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-31889

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 8 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-31889

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-07-03
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-31889

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2023-31889

https://gitlab.com/donnm/cves/-/blob/master/dos_rtac51u_httpd.md

dos_rtac51u_httpd.md · master · Donn Morrison / CVEs · GitLab

Jump to

Vulnerability Details : CVE-2023-31889

Products affected by CVE-2023-31889

Exploit prediction scoring system (EPSS) score for CVE-2023-31889

CVSS scores for CVE-2023-31889

CWE ids for CVE-2023-31889

References for CVE-2023-31889