Filtered by vendor Asus
Subscribe
Total
263 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-38032 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2023-12-10 | N/A | 8.8 HIGH |
ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. | |||||
CVE-2023-38031 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2023-12-10 | N/A | 8.8 HIGH |
ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. | |||||
CVE-2023-38033 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2023-12-10 | N/A | 8.8 HIGH |
ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. | |||||
CVE-2023-35087 | 1 Asus | 4 Rt-ac86u, Rt-ac86u Firmware, Rt-ax56u V2 and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529. | |||||
CVE-2023-34360 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2023-12-10 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code. | |||||
CVE-2023-39086 | 1 Asus | 2 Rt-ac66u B1, Rt-ac66u B1 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext. | |||||
CVE-2023-39236 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2023-12-10 | N/A | 8.8 HIGH |
ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. | |||||
CVE-2023-41346 | 1 Asus | 2 Rt-ax55, Rt-ax55 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | |||||
CVE-2023-26911 | 1 Asus | 2 Armoury Crate, Setupasusservices | 2023-12-10 | N/A | 7.8 HIGH |
ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | |||||
CVE-2023-41347 | 1 Asus | 2 Rt-ax55, Rt-ax55 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | |||||
CVE-2023-29772 | 1 Asus | 2 Rt-ac51u, Rt-ac51u Firmware | 2023-12-10 | N/A | 5.2 MEDIUM |
A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. | |||||
CVE-2023-28702 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2023-12-10 | N/A | 8.8 HIGH |
ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service. | |||||
CVE-2023-28703 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2023-12-10 | N/A | 7.2 HIGH |
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service. | |||||
CVE-2023-31195 | 1 Asus | 2 Rt-ax3000, Rt-ax3000 Firmware | 2023-12-10 | N/A | 5.3 MEDIUM |
ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked. | |||||
CVE-2023-26602 | 1 Asus | 1 Asmb8-ikvm Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. | |||||
CVE-2021-37316 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2023-12-10 | N/A | 7.5 HIGH |
SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | |||||
CVE-2022-38393 | 1 Asus | 2 Rt-ax82u, Rt-ax82u Firmware | 2023-12-10 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2022-4221 | 1 Asus | 2 Nas-m25, Nas-m25 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7. | |||||
CVE-2022-35401 | 1 Asus | 2 Rt-ax82u, Rt-ax82u Firmware | 2023-12-10 | N/A | 8.1 HIGH |
An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability. | |||||
CVE-2021-37317 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2023-12-10 | N/A | 9.1 CRITICAL |
Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. |