CVE-2023-39780 - ASUS RT-AX55 Routers
AI Vulnerability ContextOn ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347; and for the similar "code-authentication module" issue, see C...
Overview
A source-backed snapshot of this vulnerability.
On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347; and for the similar "code-authentication module" issue, see CVE-2023-41348.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2023-39780
- Vendor/project
- ASUS
- Product
- RT-AX55 Routers
- Vulnerability name
- ASUS RT-AX55 Routers OS Command Injection Vulnerability
- Date added
- 2025-06-02
- Due date
- 2025-06-23
- Known ransomware campaign use
- Unknown
- CVSS v3
- 8.8
Exploit context
What the vulnerability is about.
On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347; and for the similar "code-authentication module" issue, see CVE-2023-41348.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
