Vulnerabilities > Asus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-10 | CVE-2022-35401 | Improper Authentication vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. | 8.1 |
| 2023-01-10 | CVE-2022-38105 | Unspecified vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. | 7.5 |
| 2023-01-10 | CVE-2022-38393 | Out-of-bounds Read vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. | 7.5 |
| 2022-12-01 | CVE-2022-4221 | OS Command Injection vulnerability in Asus Nas-M25 Firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7. | 9.8 |
| 2022-10-19 | CVE-2020-23648 | Missing Authentication for Critical Function vulnerability in Asus Rt-N12E Firmware 2.0.0.39 Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. | 7.5 |
| 2022-10-18 | CVE-2022-36438 | Incorrect Default Permissions vulnerability in Asus Asusswitch and System Control Interface AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). | 7.8 |
| 2022-10-18 | CVE-2022-36439 | Unspecified vulnerability in Asus products AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. | 6.0 |
| 2022-10-06 | CVE-2021-40556 | Out-of-bounds Write vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.44266 A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. | 8.8 |
| 2022-09-28 | CVE-2022-38699 | Link Following vulnerability in Asus Armoury Crate Service Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. | 5.9 |
| 2022-08-05 | CVE-2022-26376 | Out-of-bounds Write vulnerability in multiple products A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. | 9.8 |