Vulnerabilities > Asus

DATE CVE VULNERABILITY TITLE RISK
2019-11-14 CVE-2019-15394 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus Zenfone 5 Selfie Firmware
The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
asus CWE-610
7.8
2019-11-14 CVE-2019-15393 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus Zenfone Live (L1) Firmware
The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
asus CWE-610
3.3
2019-11-14 CVE-2019-15392 Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware
The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.
local
low complexity
asus
5.5
2019-11-14 CVE-2019-15391 Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware
The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.
local
low complexity
asus
5.5
2019-11-13 CVE-2013-4656 Path Traversal vulnerability in Asus Rt-Ac66U Firmware and Rt-N56U Firmware
Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service.
network
low complexity
asus CWE-22
critical
9.8
2019-10-20 CVE-2019-18216 Unspecified vulnerability in Asus ROG Zephyrus M Gm501Gs Firmware
The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited.
low complexity
asus
6.8
2019-09-17 CVE-2018-20336 Classic Buffer Overflow vulnerability in Asus Asuswrt-Merlin 3.0.0.4.384.20308
An issue was discovered in ASUSWRT 3.0.0.4.384.20308.
network
low complexity
asus CWE-120
7.5
2019-09-04 CVE-2019-10709 Permissions, Privileges, and Access Controls vulnerability in Asus Precision Touchpad 11.0.0.25
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.
network
low complexity
asus CWE-264
critical
9.8
2019-08-29 CVE-2019-11063 Missing Authentication for Critical Function vulnerability in Asus Smarthome
A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication.
low complexity
asus CWE-306
8.8
2019-08-29 CVE-2019-11061 Missing Authentication for Critical Function vulnerability in Asus Hg100 Firmware 1.05.12/4.00.06
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication.
low complexity
asus CWE-306
8.1