Vulnerabilities > Asus > Asuswrt > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-20 CVE-2018-20335 Improper Input Validation vulnerability in Asus Asuswrt 3.0.0.4.384.20308
An issue was discovered in ASUSWRT 3.0.0.4.384.20308.
network
low complexity
asus CWE-20
7.5
7.5
2020-03-20 CVE-2018-20333 Information Exposure vulnerability in Asus Asuswrt 3.0.0.4.384.20308
An issue was discovered in ASUSWRT 3.0.0.4.384.20308.
network
low complexity
asus CWE-200
7.5
7.5
2018-01-31 CVE-2017-15656 Insufficiently Protected Credentials vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
network
low complexity
asus CWE-522
8.8
8.8
2018-01-31 CVE-2017-15654 Use of Insufficiently Random Values vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
network
high complexity
asus CWE-330
8.3
8.3
2018-01-31 CVE-2017-15653 Insufficient Session Expiration vulnerability in Asus Asuswrt
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.
network
low complexity
asus CWE-613
8.8
8.8