Vulnerabilities > Asus
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-07 | CVE-2022-23970 | Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898 ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. | 8.1 |
2022-04-07 | CVE-2022-23971 | Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898 ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. | 8.1 |
2022-04-07 | CVE-2022-23972 | SQL Injection vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898 ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. | 8.8 |
2022-04-07 | CVE-2022-23973 | Out-of-bounds Write vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898 ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. | 8.8 |
2022-04-07 | CVE-2022-25595 | Improper Input Validation vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.45956 ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt. | 6.5 |
2022-04-07 | CVE-2022-25596 | Out-of-bounds Write vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.45956 ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service. | 8.8 |
2022-04-07 | CVE-2022-25597 | Unspecified vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.45956 ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service. low complexity asus | 8.8 |
2022-03-23 | CVE-2021-45756 | Classic Buffer Overflow vulnerability in Asus Rt-Ac5300 Firmware and Rt-Ac68U Firmware Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. | 9.8 |
2022-03-23 | CVE-2021-45757 | Classic Buffer Overflow vulnerability in Asus Rt-Ac68U Firmware ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS). | 7.5 |
2022-03-10 | CVE-2022-22814 | Unspecified vulnerability in Asus Myasus 3.1.1.0 The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation. | 9.8 |