Vulnerabilities > Asus

DATE CVE VULNERABILITY TITLE RISK
2019-12-20 CVE-2019-15912 Improper Input Validation vulnerability in Asus products
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO.
network
low complexity
asus CWE-20
5.0
2019-12-20 CVE-2019-15911 Cleartext Transmission of Sensitive Information vulnerability in Asus products
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO.
network
low complexity
asus CWE-319
7.5
2019-12-20 CVE-2019-15910 Improper Input Validation vulnerability in Asus products
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO.
network
low complexity
asus CWE-20
5.0
2019-12-18 CVE-2019-19235 Improper Input Validation vulnerability in Asus ATK Package
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution.
local
asus CWE-20
6.9
2019-11-21 CVE-2018-8879 Out-of-bounds Write vulnerability in Asus Rt-Ac66U Firmware
Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request.
network
low complexity
asus CWE-787
7.5
2019-11-14 CVE-2019-15419 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus X105D Firmware
The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack.
local
low complexity
asus CWE-610
7.2
2019-11-14 CVE-2019-15418 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus Pegasus 4 MAX Firmware and Pegasus 4A Firmware
The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack.
local
low complexity
asus CWE-610
7.2
2019-11-14 CVE-2019-15414 Unspecified vulnerability in Asus Zenfone AR Firmware
The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component.
local
low complexity
asus
7.2
2019-11-14 CVE-2019-15413 Unspecified vulnerability in Asus Zenfone 3 Ultra Firmware
The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component.
local
low complexity
asus
7.2
2019-11-14 CVE-2019-15412 Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware
The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_71.50.395.57_20180913:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component.
local
low complexity
asus
4.6