Vulnerabilities > Asus

DATE CVE VULNERABILITY TITLE RISK
2019-11-14 CVE-2019-15391 Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware
The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.
local
low complexity
asus
2.1
2019-11-13 CVE-2013-4656 Path Traversal vulnerability in Asus Rt-Ac66U Firmware and Rt-N56U Firmware
Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service.
network
low complexity
asus CWE-22
critical
10.0
2019-10-20 CVE-2019-18216 Unspecified vulnerability in Asus ROG Zephyrus M Gm501Gs Firmware
The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited.
low complexity
asus
6.8
2019-09-17 CVE-2018-20336 Classic Buffer Overflow vulnerability in Asus Asuswrt-Merlin 3.0.0.4.384.20308
An issue was discovered in ASUSWRT 3.0.0.4.384.20308.
network
low complexity
asus CWE-120
5.0
2019-09-04 CVE-2019-10709 Permissions, Privileges, and Access Controls vulnerability in Asus Precision Touchpad 11.0.0.25
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.
network
low complexity
asus CWE-264
7.5
2019-08-29 CVE-2019-11063 Missing Authentication for Critical Function vulnerability in Asus Smarthome
A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication.
low complexity
asus CWE-306
8.3
2019-08-29 CVE-2019-11061 Missing Authentication for Critical Function vulnerability in Asus Hg100 Firmware 1.05.12/4.00.06
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication.
low complexity
asus CWE-306
4.8
2019-08-29 CVE-2019-11060 Resource Exhaustion vulnerability in Asus Hg100 Firmware 1.05.12
The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time.
network
low complexity
asus CWE-400
7.8
2019-06-24 CVE-2017-17945 Improper Certificate Validation vulnerability in Asus Hivivo and Vivobaby
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
network
low complexity
asus CWE-295
6.4
2019-06-20 CVE-2017-17944 Improper Certificate Validation vulnerability in Asus Hivivo and Vivobaby
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.
network
low complexity
asus CWE-295
6.4