Vulnerabilities > Asus

DATE CVE VULNERABILITY TITLE RISK
2023-01-10 CVE-2022-38393 Out-of-bounds Read vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230
A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service.
network
low complexity
asus CWE-125
7.5
2022-12-14 CVE-2022-44898 Out-of-bounds Write vulnerability in Asus Aura Sync 1.07.71/1.07.79
The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests.
local
low complexity
asus CWE-787
7.8
2022-12-01 CVE-2022-4221 OS Command Injection vulnerability in Asus Nas-M25 Firmware
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.
network
low complexity
asus CWE-78
critical
9.8
2022-10-19 CVE-2020-23648 Missing Authentication for Critical Function vulnerability in Asus Rt-N12E Firmware 2.0.0.39
Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability.
network
low complexity
asus CWE-306
7.5
2022-10-18 CVE-2022-36438 Incorrect Default Permissions vulnerability in Asus Asusswitch and System Control Interface
AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily).
local
low complexity
asus CWE-276
7.8
2022-10-18 CVE-2022-36439 Unspecified vulnerability in Asus products
AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges.
local
low complexity
asus
6.0
2022-10-06 CVE-2021-40556 Out-of-bounds Write vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.44266
A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266.
network
low complexity
asus CWE-787
8.8
2022-09-28 CVE-2022-38699 Link Following vulnerability in Asus Armoury Crate Service
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link.
low complexity
asus CWE-59
5.9
2022-09-26 CVE-2021-41437 Injection vulnerability in Asus Rt-Ax88U Firmware
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.
network
low complexity
asus CWE-74
6.5
2022-08-05 CVE-2022-26376 Out-of-bounds Write vulnerability in multiple products
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7..
network
low complexity
asus asuswrt-merlin CWE-787
critical
9.8