Vulnerabilities > Asus

DATE CVE VULNERABILITY TITLE RISK
2019-08-29 CVE-2019-11060 Allocation of Resources Without Limits or Throttling vulnerability in Asus Hg100 Firmware 1.05.12
The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time.
network
low complexity
asus CWE-770
7.5
2019-06-24 CVE-2017-17945 Improper Certificate Validation vulnerability in Asus Hivivo and Vivobaby
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
network
low complexity
asus CWE-295
critical
9.1
2019-06-20 CVE-2017-17944 Improper Certificate Validation vulnerability in Asus Hivivo and Vivobaby
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.
network
low complexity
asus CWE-295
critical
9.1
2019-05-13 CVE-2018-14714 Unspecified vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.
network
low complexity
asus
critical
9.8
2019-05-13 CVE-2018-14713 Use of Externally-Controlled Format String vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010
Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter.
network
low complexity
asus CWE-134
8.1
2019-05-13 CVE-2018-14712 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010
Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter.
network
low complexity
asus CWE-119
6.5
2019-05-13 CVE-2018-14711 Cross-Site Request Forgery (CSRF) vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010
Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.
network
low complexity
asus CWE-352
6.5
2019-05-13 CVE-2018-14710 Cross-site Scripting vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010
Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter.
network
low complexity
asus CWE-79
6.1
2019-04-25 CVE-2018-14993 Unspecified vulnerability in Asus Zenfone 3 MAX Firmware and Zenfone V Live Firmware
The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZW_ASUS_A009/ASUS_A009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys both contain a pre-installed platform app with a package name of com.asus.splendidcommandagent (versionCode=1510200090, versionName=1.2.0.18_160928) that contains an exported service named com.asus.splendidcommandagent.SplendidCommandAgentService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user.
local
low complexity
asus
7.8
2019-04-25 CVE-2018-14980 Incorrect Permission Assignment for Critical Resource vulnerability in Asus Zenfone 3 MAX Firmware
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by ASUS or another entity in the supply chain.
local
low complexity
asus CWE-732
7.1