Vulnerabilities > Asus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-26 | CVE-2023-26602 | Command Injection vulnerability in Asus Asmb8-Ikvm Firmware 1.14.51 ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. | 9.8 |
| 2023-02-15 | CVE-2022-42455 | Unspecified vulnerability in Asus Armoury Crate ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. | 7.8 |
| 2023-02-03 | CVE-2021-37315 | Use of Incorrectly-Resolved Name or Reference vulnerability in Asus Rt-Ac68U Firmware Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations. | 9.1 |
| 2023-02-03 | CVE-2021-37316 | SQL Injection vulnerability in Asus Rt-Ac68U Firmware SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | 7.5 |
| 2023-02-03 | CVE-2021-37317 | Path Traversal vulnerability in Asus Rt-Ac68U Firmware Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. | 9.1 |
| 2023-01-10 | CVE-2022-35401 | Improper Authentication vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. | 8.1 |
| 2023-01-10 | CVE-2022-38105 | Unspecified vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. | 7.5 |
| 2023-01-10 | CVE-2022-38393 | Out-of-bounds Read vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. | 7.5 |
| 2022-12-14 | CVE-2022-44898 | Out-of-bounds Write vulnerability in Asus Aura Sync 1.07.71/1.07.79 The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests. | 7.8 |
| 2022-12-01 | CVE-2022-4221 | OS Command Injection vulnerability in Asus Nas-M25 Firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7. | 9.8 |