Vulnerabilities > Asus

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-32030 Improper Authentication vulnerability in Asus Gt-Ac2900 Firmware 3.0.0.4.386.41793
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface.
network
low complexity
asus CWE-287
7.5
2021-04-08 CVE-2021-28686 Out-Of-Bounds Write vulnerability in Asus Gputweak II
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow.
local
low complexity
asus CWE-787
2.1
2021-04-06 CVE-2021-28209 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
6.8
2021-04-06 CVE-2021-28208 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
6.8
2021-04-06 CVE-2021-28207 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
6.8
2021-04-06 CVE-2021-28206 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
6.8
2021-04-06 CVE-2021-28205 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
6.8
2021-04-06 CVE-2021-28204 OS Command Injection vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter.
network
low complexity
asus CWE-78
6.5
2021-04-06 CVE-2021-28203 OS Command Injection vulnerability in Asus products
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter.
network
low complexity
asus CWE-78
6.5
2021-04-06 CVE-2021-28202 Classic Buffer Overflow vulnerability in Asus products
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.0