Vulnerabilities > Asus
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-14 | CVE-2019-15391 | Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 2.1 |
2019-11-13 | CVE-2013-4656 | Path Traversal vulnerability in Asus Rt-Ac66U Firmware and Rt-N56U Firmware Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service. | 10.0 |
2019-10-20 | CVE-2019-18216 | Unspecified vulnerability in Asus ROG Zephyrus M Gm501Gs Firmware The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. low complexity asus | 6.8 |
2019-09-17 | CVE-2018-20336 | Classic Buffer Overflow vulnerability in Asus Asuswrt-Merlin 3.0.0.4.384.20308 An issue was discovered in ASUSWRT 3.0.0.4.384.20308. | 5.0 |
2019-09-04 | CVE-2019-10709 | Permissions, Privileges, and Access Controls vulnerability in Asus Precision Touchpad 11.0.0.25 AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call. | 7.5 |
2019-08-29 | CVE-2019-11063 | Missing Authentication for Critical Function vulnerability in Asus Smarthome A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. | 8.3 |
2019-08-29 | CVE-2019-11061 | Missing Authentication for Critical Function vulnerability in Asus Hg100 Firmware 1.05.12/4.00.06 A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. | 4.8 |
2019-08-29 | CVE-2019-11060 | Resource Exhaustion vulnerability in Asus Hg100 Firmware 1.05.12 The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. | 7.8 |
2019-06-24 | CVE-2017-17945 | Improper Certificate Validation vulnerability in Asus Hivivo and Vivobaby The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation. | 6.4 |
2019-06-20 | CVE-2017-17944 | Improper Certificate Validation vulnerability in Asus Hivivo and Vivobaby The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. | 6.4 |