Vulnerabilities > Asus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-26 | CVE-2018-18536 | Unspecified vulnerability in Asus Aura Sync Firmware 1.07.22 The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. | 7.2 |
| 2018-12-26 | CVE-2018-18535 | Unspecified vulnerability in Asus Aura Sync Firmware 1.07.22 The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). | 7.2 |
| 2018-10-14 | CVE-2018-18291 | Cross-site Scripting vulnerability in Asus Rt-Ac58U Firmware 3.0.0.4.380.6516 A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp. | 4.3 |
| 2018-10-14 | CVE-2018-18287 | Information Exposure vulnerability in Asus Rt-Ac58U Firmware 3.0.0.4.380.6516 On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page. | 5.0 |
| 2018-09-17 | CVE-2018-17127 | NULL Pointer Dereference vulnerability in Asus Gt-Ac5300 Firmware 3.0.0.4.384.21140/3.0.0.4.384.32738 blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter. | 7.8 |
| 2018-09-13 | CVE-2018-17023 | Cross-Site Request Forgery (CSRF) vulnerability in Asus Gt-Ac5300 Firmware Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. | 6.8 |
| 2018-09-13 | CVE-2018-17022 | Out-of-bounds Write vulnerability in Asus Gt-Ac5300 Firmware Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list("Storage_x_SharedPath") request, because ej_select_list in router/httpd/web.c uses strcpy. | 8.0 |
| 2018-09-13 | CVE-2018-17021 | Cross-site Scripting vulnerability in Asus Gt-Ac5300 Firmware Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter. | 4.3 |
| 2018-09-13 | CVE-2018-17020 | Unspecified vulnerability in Asus Gt-Ac5300 Firmware ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a single "GET / HTTP/1.1\r\n" line. | 7.8 |
| 2018-09-07 | CVE-2018-0647 | Cross-Site Request Forgery (CSRF) vulnerability in Asus Wl-330Nul Firmware 3.0.0.41 Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |