Vulnerabilities > Asus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-28702 | OS Command Injection vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.51255 ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. | 8.8 |
| 2023-06-02 | CVE-2023-28703 | Stack-based Buffer Overflow vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.51255 ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. | 7.2 |
| 2023-05-02 | CVE-2023-29772 | Cross-site Scripting vulnerability in Asus Rt-Ac51U Firmware 3.0.0.4.380.8228 A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. | 5.2 |
| 2023-02-26 | CVE-2023-26602 | Command Injection vulnerability in Asus Asmb8-Ikvm Firmware 1.14.51 ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. | 9.8 |
| 2023-02-15 | CVE-2022-42455 | Unspecified vulnerability in Asus Armoury Crate ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. | 7.8 |
| 2023-02-03 | CVE-2021-37315 | Use of Incorrectly-Resolved Name or Reference vulnerability in Asus Rt-Ac68U Firmware Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations. | 9.1 |
| 2023-02-03 | CVE-2021-37316 | SQL Injection vulnerability in Asus Rt-Ac68U Firmware SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | 7.5 |
| 2023-02-03 | CVE-2021-37317 | Path Traversal vulnerability in Asus Rt-Ac68U Firmware Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. | 9.1 |
| 2023-01-10 | CVE-2022-35401 | Improper Authentication vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. | 8.1 |
| 2023-01-10 | CVE-2022-38105 | Unspecified vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. | 7.5 |