Vulnerabilities > Asus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-27 | CVE-2018-8878 | Information Exposure vulnerability in multiple products Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page. | 5.3 |
| 2020-02-27 | CVE-2018-8877 | Information Exposure vulnerability in multiple products Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page. | 5.3 |
| 2020-01-28 | CVE-2013-3093 | Cross-Site Request Forgery (CSRF) vulnerability in Asus products ASUS RT-N56U devices allow CSRF. | 8.8 |
| 2020-01-28 | CVE-2020-7997 | Cross-site Scripting vulnerability in Asus Rt-Ac66U Firmware 3.0.0.4.37267 ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature. | 6.1 |
| 2019-12-20 | CVE-2019-15912 | Improper Input Validation vulnerability in Asus products An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. | 7.5 |
| 2019-12-20 | CVE-2019-15911 | Cleartext Transmission of Sensitive Information vulnerability in Asus products An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. | 9.8 |
| 2019-12-20 | CVE-2019-15910 | Improper Input Validation vulnerability in Asus products An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. | 7.5 |
| 2019-12-18 | CVE-2019-19235 | Uncontrolled Search Path Element vulnerability in Asus ATK Package AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. | 7.0 |
| 2019-11-21 | CVE-2018-8879 | Out-of-bounds Write vulnerability in Asus Rt-Ac66U Firmware Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. | 9.8 |
| 2019-11-14 | CVE-2019-15419 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus X105D Firmware The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. | 7.8 |