Vulnerabilities > Asus

DATE CVE VULNERABILITY TITLE RISK
2022-05-11 CVE-2021-3254 Resource Exhaustion vulnerability in Asus Dsl-N14U-B1 Firmware 1.1.2.3805
Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.
network
low complexity
asus CWE-400
7.8
2022-04-22 CVE-2022-26672 Use of Hard-coded Credentials vulnerability in Asus Webstorage
ASUS WebStorage has a hardcoded API Token in the APP source code.
network
low complexity
asus CWE-798
7.5
2022-04-22 CVE-2022-26673 Cross-site Scripting vulnerability in Asus Rt-Ax88U Firmware
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter.
network
asus CWE-79
3.5
2022-04-22 CVE-2022-26674 Use of Externally-Controlled Format String vulnerability in Asus Rt-Ax88U Firmware
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.
network
low complexity
asus CWE-134
7.5
2022-04-07 CVE-2022-23970 Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter.
low complexity
asus CWE-22
4.8
2022-04-07 CVE-2022-23971 Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter.
low complexity
asus CWE-22
4.8
2022-04-07 CVE-2022-23972 SQL Injection vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation.
low complexity
asus CWE-89
5.8
2022-04-07 CVE-2022-23973 Out-of-bounds Write vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length.
low complexity
asus CWE-787
5.8
2022-04-07 CVE-2022-25595 Improper Input Validation vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.45956
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.
low complexity
asus CWE-20
6.1
2022-04-07 CVE-2022-25596 Out-of-bounds Write vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.45956
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.
low complexity
asus CWE-787
5.8