Vulnerabilities > Asus > Asuswrt

DATE CVE VULNERABILITY TITLE RISK
2022-08-05 CVE-2022-26376 Out-of-bounds Write vulnerability in multiple products
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7..
network
low complexity
asus asuswrt-merlin CWE-787
critical
 9.8
9.8
2020-03-20 CVE-2018-20335 Improper Input Validation vulnerability in Asus Asuswrt 3.0.0.4.384.20308
An issue was discovered in ASUSWRT 3.0.0.4.384.20308.
network
low complexity
asus CWE-20
7.5
7.5
2020-03-20 CVE-2018-20334 OS Command Injection vulnerability in Asus Asuswrt 3.0.0.4.384.20308
An issue was discovered in ASUSWRT 3.0.0.4.384.20308.
network
low complexity
asus CWE-78
critical
 9.8
9.8
2020-03-20 CVE-2018-20333 Information Exposure vulnerability in Asus Asuswrt 3.0.0.4.384.20308
An issue was discovered in ASUSWRT 3.0.0.4.384.20308.
network
low complexity
asus CWE-200
7.5
7.5
2018-01-31 CVE-2017-15656 Insufficiently Protected Credentials vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
network
low complexity
asus CWE-522
8.8
8.8
2018-01-31 CVE-2017-15655 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Asus Asuswrt
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X.
network
low complexity
asus CWE-119
critical
 9.6
9.6
2018-01-31 CVE-2017-15654 Use of Insufficiently Random Values vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
network
high complexity
asus CWE-330
8.3
8.3
2018-01-31 CVE-2017-15653 Insufficient Session Expiration vulnerability in Asus Asuswrt
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.
network
low complexity
asus CWE-613
8.8
8.8
2018-01-22 CVE-2018-6000 Missing Authorization vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743/3.0.0.4.384.20308
An issue was discovered in AsusWRT before 3.0.0.4.384_10007.
network
low complexity
asus CWE-862
critical
 9.8
9.8
2018-01-22 CVE-2018-5999 Unspecified vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743/3.0.0.4.384.20308
An issue was discovered in AsusWRT before 3.0.0.4.384_10007.
network
low complexity
asus
critical
 9.8
9.8