Latest Asus Security Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-08-26 CVE-2020-15498 Improper Certificate Validation vulnerability in Asus Rt-Ac1900P Firmware 3.0.0.4.385.10000/3.0.0.4.385.20252
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253.
Risk: 4.3

2020-08-26 CVE-2020-15499 Cross-Site Scripting vulnerability in Asus Rt-Ac1900P Firmware 3.0.0.4.385.10000/3.0.0.4.385.20252
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253.
Risk: 4.3

2020-07-20 CVE-2020-15009 Untrusted Search Path vulnerability in Asus Screenpad2 Upgrade Tool 1.0.3
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
Risk: 4.4

2020-06-08 CVE-2020-12695 Incorrect Default Permissions vulnerability in multiple products
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Risk: 7.8

2020-06-02 CVE-2019-17603 Out-Of-Bounds Write vulnerability in Asus Aura Sync 1.07.71
Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
Risk: 7.2

2020-03-25 CVE-2020-10649 Improper Privilege Management vulnerability in Asus Device Activation
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
local | low complexity | asus CWE-269
Risk: 7.2

2020-03-20 CVE-2018-20333 Information Exposure vulnerability in Asus Asuswrt 3.0.0.4.384.20308
An issue was discovered in ASUSWRT 3.0.0.4.384.20308.
network | low complexity | asus CWE-200
Risk: 5.0

2020-03-20 CVE-2018-20334 OS Command Injection vulnerability in Asus Asuswrt 3.0.0.4.384.20308
An issue was discovered in ASUSWRT 3.0.0.4.384.20308.
network | low complexity | asus CWE-78
Risk: 10 (critical)

2020-03-20 CVE-2018-20335 Improper Input Validation vulnerability in Asus Asuswrt 3.0.0.4.384.20308
An issue was discovered in ASUSWRT 3.0.0.4.384.20308.
network | low complexity | asus CWE-20
Risk: 7.8

2020-02-27 CVE-2018-8877 Information Exposure vulnerability in multiple products
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page.
network | low complexity | asus asuswrt-merlin CWE-200
Risk: 5.0