Filtered by vendor Asus
Subscribe
Total
263 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7293 | 1 Asus | 1 Wl-330nul | 2023-12-10 | 5.0 MEDIUM | N/A |
| The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. | |||||
| CVE-2015-2676 | 1 Asus | 2 Rt-g32, Rt-g32 Firmware | 2023-12-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. | |||||
| CVE-2014-2719 | 2 Asus, T-mobile | 10 Rt-ac66u Firmware, Rt-ac68u, Rt-ac68u Firmware and 7 more | 2023-12-10 | 6.3 MEDIUM | N/A |
| Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. | |||||
| CVE-2014-9583 | 2 Asus, T-mobile | 4 Rt-ac66u, Rt-n66u, Wrt Firmware and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
| common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change. | |||||
| CVE-2014-2718 | 2 Asus, T-mobile | 10 Rt-ac56r, Rt-ac66r, Rt-ac66u and 7 more | 2023-12-10 | 7.1 HIGH | N/A |
| ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. | |||||
| CVE-2014-7269 | 1 Asus | 10 Rt-ac56s, Rt-ac56s Firmware, Rt-ac68u and 7 more | 2023-12-10 | 6.5 MEDIUM | N/A |
| ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2014-2925 | 2 Asus, T-mobile | 3 Rt-ac68u, Rt-ac68u Firmware, Tm-ac1900 | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi. | |||||
| CVE-2015-2681 | 1 Asus | 2 Rt-g32, Rt-g32 Firmware | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm. | |||||
| CVE-2013-6343 | 1 Asus | 6 Rt-ac66u, Rt-ac66u Firmware, Rt-n56u and 3 more | 2023-12-10 | 10.0 HIGH | N/A |
| Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp. | |||||
| CVE-2015-1437 | 1 Asus | 2 Rt-n10\+d1, Rt-n10\+d1 Firmware | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm. | |||||
| CVE-2014-7270 | 1 Asus | 10 Rt-ac56s, Rt-ac56s Firmware, Rt-ac68u and 7 more | 2023-12-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2013-5948 | 2 Asus, T-mobile | 3 Rt-ac68u, Rt-ac68u Firmware, Tm-ac1900 | 2023-12-10 | 8.5 HIGH | N/A |
| The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter). | |||||
| CVE-2012-4924 | 1 Asus | 2 Ipswcom Activex Component, Net4switch | 2023-12-10 | 9.3 HIGH | N/A |
| Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method. | |||||
| CVE-2013-4937 | 1 Asus | 14 Dsl-n55u, Dsl-n56u Firmware, Rt-ac66u and 11 more | 2023-12-10 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors. | |||||
| CVE-2013-3610 | 1 Asus | 2 Rt-n10e, Rt-n10e Firmware | 2023-12-10 | 6.1 MEDIUM | N/A |
| qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request. | |||||
| CVE-2011-4497 | 1 Asus | 2 Rt-n56u, Rt-n56u Firmware | 2023-12-10 | 3.3 LOW | N/A |
| QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request. | |||||
| CVE-2009-3092 | 1 Asus | 1 Asus Wl-500w | 2023-12-10 | 10.0 HIGH | N/A |
| Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3093 | 1 Asus | 1 Asus Wl-500w | 2023-12-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-1491 | 1 Asus | 1 Remote Console | 2023-12-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623. | |||||
| CVE-2009-3091 | 1 Asus | 1 Asus Wl-330ge | 2023-12-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||