A Wi-Fi 6 gaming router, the RT-AX82U can be configured via an HTTP server that is running on the local network, but also supports remote management and monitoring.
Last year, Cisco’s Talos researchers identified three critical- and high-severity security defects that could be exploited to bypass authentication, leak information, or cause a denial-of-service (DoS) condition on a vulnerable RT-AX82U router.
The most severe of these bugs is CVE-2022-35401 (CVSS score of 9.0), an authentication bypass exploitable via a series of crafted HTTP requests. An attacker could exploit the vulnerability to gain full administrative access to a vulnerable device.
