Vulnerabilities > Asus

DATE CVE VULNERABILITY TITLE RISK
2021-11-19 CVE-2021-41436 HTTP Request Smuggling vulnerability in Asus products
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet.
network
low complexity
asus CWE-444
7.8
2021-11-19 CVE-2021-41435 Improper Restriction of Excessive Authentication Attempts vulnerability in Asus products
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
network
low complexity
asus CWE-307
critical
10.0
2021-11-15 CVE-2021-41289 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Asus P453Uj Bios 311
ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability.
local
low complexity
asus CWE-119
3.6
2021-11-12 CVE-2021-37910 Improper Control of Interaction Frequency vulnerability in Asus products
ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.
network
low complexity
asus CWE-799
5.0
2021-10-18 CVE-2021-42055 Incorrect Default Permissions vulnerability in Asus Ux582Lr Firmware
ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.
local
low complexity
asus CWE-276
4.6
2021-09-27 CVE-2021-40981 Uncontrolled Search Path Element vulnerability in Asus Armoury Crate Lite Service
ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory.
local
asus CWE-427
4.4
2021-05-06 CVE-2021-32030 Improper Authentication vulnerability in Asus Gt-Ac2900 Firmware 3.0.0.4.386.41793
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface.
network
low complexity
asus CWE-287
7.5
2021-04-08 CVE-2021-28686 Out-of-bounds Write vulnerability in Asus Gputweak II
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow.
local
low complexity
asus CWE-787
2.1
2021-04-06 CVE-2021-28175 Classic Buffer Overflow vulnerability in Asus products
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.0
2021-04-06 CVE-2021-28176 Classic Buffer Overflow vulnerability in Asus products
The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.
network
low complexity
asus CWE-120
4.0