Filtered by vendor Asus
Subscribe
Total
243 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23971 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-02-04 | 4.8 MEDIUM | 8.1 HIGH |
ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption. | |||||
CVE-2022-25597 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service. | |||||
CVE-2022-26674 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service. | |||||
CVE-2022-26673 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks. | |||||
CVE-2022-31874 | 1 Asus | 2 Rt-n53, Rt-n53 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface. | |||||
CVE-2022-22262 | 1 Asus | 1 Rog Live Service | 2024-02-04 | 3.6 LOW | 7.7 HIGH |
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service. | |||||
CVE-2022-26669 | 1 Asus | 1 Control Center | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data. | |||||
CVE-2022-23970 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-02-04 | 4.8 MEDIUM | 8.1 HIGH |
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption. | |||||
CVE-2022-22054 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files. | |||||
CVE-2021-41435 | 1 Asus | 36 Gt-ax11000, Gt-ax11000 Firmware, Rt-ax3000 and 33 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request. | |||||
CVE-2022-21933 | 1 Asus | 26 Pa90, Pa90 Firmware, Pb50 and 23 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service. | |||||
CVE-2021-44158 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-02-04 | 7.7 HIGH | 8.0 HIGH |
ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service. | |||||
CVE-2021-40981 | 1 Asus | 1 Armoury Crate Lite Service | 2024-02-04 | 4.4 MEDIUM | 7.3 HIGH |
ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory. | |||||
CVE-2021-42055 | 1 Asus | 2 Ux582lr, Ux582lr Firmware | 2024-02-04 | 4.6 MEDIUM | 6.8 MEDIUM |
ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker. | |||||
CVE-2021-37910 | 1 Asus | 10 Gt-axe11000, Gt-axe11000 Firmware, Rt-ax3000 and 7 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames. | |||||
CVE-2019-20082 | 1 Asus | 2 Rt-n53, Rt-n53 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp. | |||||
CVE-2021-41436 | 1 Asus | 36 Gt-ax11000, Gt-ax11000 Firmware, Rt-ax3000 and 33 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. | |||||
CVE-2021-46109 | 1 Asus | 1 Rt-ac52u B1 Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931 can lead to a user session hijack. | |||||
CVE-2021-41289 | 1 Asus | 2 P453uj, P453uj Bios | 2024-02-04 | 3.6 LOW | 6.3 MEDIUM |
ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot. | |||||
CVE-2021-32030 | 1 Asus | 2 Gt-ac2900, Gt-ac2900 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations. |