ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the mod_webdav.so module. When parsing a request, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-16078.

Related CVEs

CVE-2023-35720

Key Information

GHSA ID

GHSA-qm9c-rrj6-5xmx

Published

May 3, 2024 3:30 AM

Last Modified

May 3, 2024 3:30 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 30, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.