Vulnerabilities > Asus > Asuswrt > 3.0.0.4.378

DATE CVE VULNERABILITY TITLE RISK
2022-08-05 CVE-2022-26376 Out-of-bounds Write vulnerability in multiple products
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7..
network
low complexity
asus asuswrt-merlin CWE-787
critical
 9.8
9.8
2018-01-31 CVE-2017-15656 Insufficiently Protected Credentials vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
network
low complexity
asus CWE-522
4.0
4.0
2018-01-31 CVE-2017-15654 Use of Insufficiently Random Values vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
network
high complexity
asus CWE-330
7.6
7.6
2018-01-22 CVE-2018-6000 Missing Authorization vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743/3.0.0.4.384.20308
An issue was discovered in AsusWRT before 3.0.0.4.384_10007.
network
low complexity
asus CWE-862
critical
 10.0
10
2018-01-22 CVE-2018-5999 Unspecified vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743/3.0.0.4.384.20308
An issue was discovered in AsusWRT before 3.0.0.4.384_10007.
network
low complexity
asus
critical
 10.0
10