Vulnerabilities > Asus

DATE CVE VULNERABILITY TITLE RISK
2022-04-07 CVE-2022-23970 Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter.
low complexity
asus CWE-22
8.1
2022-04-07 CVE-2022-23971 Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter.
low complexity
asus CWE-22
8.1
2022-04-07 CVE-2022-23972 SQL Injection vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation.
low complexity
asus CWE-89
8.8
2022-04-07 CVE-2022-23973 Out-of-bounds Write vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length.
low complexity
asus CWE-787
8.8
2022-04-07 CVE-2022-25595 Improper Input Validation vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.45956
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.
low complexity
asus CWE-20
6.5
2022-04-07 CVE-2022-25596 Out-of-bounds Write vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.45956
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.
low complexity
asus CWE-787
8.8
2022-04-07 CVE-2022-25597 Unspecified vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.45956
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.
low complexity
asus
8.8
2022-03-23 CVE-2021-45756 Classic Buffer Overflow vulnerability in Asus Rt-Ac5300 Firmware and Rt-Ac68U Firmware
Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi.
network
low complexity
asus CWE-120
critical
9.8
2022-03-23 CVE-2021-45757 Classic Buffer Overflow vulnerability in Asus Rt-Ac68U Firmware
ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS).
network
low complexity
asus CWE-120
7.5
2022-03-10 CVE-2022-22814 Unspecified vulnerability in Asus Myasus 3.1.1.0
The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation.
network
low complexity
asus
critical
9.8