Filtered by vendor Asus
Subscribe
Total
268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26376 | 2 Asus, Asuswrt-merlin | 36 Asuswrt, Et12, Et12 Firmware and 33 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2022-25597 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service. | |||||
| CVE-2022-25596 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service. | |||||
| CVE-2022-25595 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt. | |||||
| CVE-2022-23973 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service. | |||||
| CVE-2022-23972 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database. | |||||
| CVE-2022-23971 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
| ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption. | |||||
| CVE-2022-23970 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
| ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption. | |||||
| CVE-2022-22814 | 1 Asus | 1 Myasus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation. | |||||
| CVE-2022-22262 | 1 Asus | 1 Rog Live Service | 2024-11-21 | 3.6 LOW | 7.7 HIGH |
| ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service. | |||||
| CVE-2022-22054 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files. | |||||
| CVE-2022-21933 | 1 Asus | 26 Pa90, Pa90 Firmware, Pb50 and 23 more | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service. | |||||
| CVE-2021-46247 | 1 Asus | 2 Cmax6000, Cmax6000 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00. | |||||
| CVE-2021-46109 | 1 Asus | 1 Rt-ac52u B1 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931 can lead to a user session hijack. | |||||
| CVE-2021-45757 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS). | |||||
| CVE-2021-45756 | 1 Asus | 4 Rt-ac5300, Rt-ac5300 Firmware, Rt-ac68u and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. | |||||
| CVE-2021-44158 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service. | |||||
| CVE-2021-43702 | 1 Asus | 186 4g-ac53u, 4g-ac53u Firmware, 4g-ac68u and 183 more | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
| ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. | |||||
| CVE-2021-42055 | 1 Asus | 2 Ux582lr, Ux582lr Firmware | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker. | |||||
| CVE-2021-41437 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker. | |||||