Vulnerabilities > Asus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-26 | CVE-2023-26911 | Unquoted Search Path or Element vulnerability in Asus Armoury Crate and Setupasusservices ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | 7.8 |
| 2023-06-13 | CVE-2023-31195 | Cleartext Transmission of Sensitive Information vulnerability in Asus Rt-Ax3000 Firmware ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. | 5.3 |
| 2023-06-12 | CVE-2023-34940 | Out-of-bounds Write vulnerability in Asus Rt-N10Lx Firmware 2.0.0.39 Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. | 7.5 |
| 2023-06-12 | CVE-2023-34941 | Cross-site Scripting vulnerability in Asus Rt-N10Lx Firmware 2.0.0.39 A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. | 5.4 |
| 2023-06-12 | CVE-2023-34942 | Out-of-bounds Write vulnerability in Asus Rt-N10Lx Firmware 2.0.0.39 Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. | 7.5 |
| 2023-05-02 | CVE-2023-29772 | Cross-site Scripting vulnerability in Asus Rt-Ac51U Firmware 3.0.0.4.380.8228/3.0.0.4.380.8591 A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. | 5.2 |
| 2023-02-26 | CVE-2023-26602 | Command Injection vulnerability in Asus Asmb8-Ikvm Firmware 1.14.51 ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. | 9.8 |
| 2023-02-15 | CVE-2022-42455 | Unspecified vulnerability in Asus Armoury Crate 4.1.0.8/5.3.4.0 ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. | 7.8 |
| 2023-02-03 | CVE-2021-37315 | Use of Incorrectly-Resolved Name or Reference vulnerability in Asus Rt-Ac68U Firmware Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations. | 9.1 |
| 2023-02-03 | CVE-2021-37316 | SQL Injection vulnerability in Asus Rt-Ac68U Firmware SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | 7.5 |