Vulnerabilities > Asus
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-19 | CVE-2020-23648 | Missing Authentication for Critical Function vulnerability in Asus Rt-N12E Firmware 2.0.0.39 Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. | 7.5 |
2022-10-18 | CVE-2022-36438 | Incorrect Default Permissions vulnerability in Asus Asusswitch and System Control Interface AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). | 7.8 |
2022-10-18 | CVE-2022-36439 | Unspecified vulnerability in Asus products AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. | 6.0 |
2022-10-06 | CVE-2021-40556 | Out-of-bounds Write vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.44266 A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. | 8.8 |
2022-09-28 | CVE-2022-38699 | Link Following vulnerability in Asus Armoury Crate Service Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. | 5.9 |
2022-09-26 | CVE-2021-41437 | Injection vulnerability in Asus Rt-Ax88U Firmware An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker. | 6.5 |
2022-08-05 | CVE-2022-26376 | Out-of-bounds Write vulnerability in multiple products A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. | 9.8 |
2022-07-21 | CVE-2022-35899 | Unquoted Search Path or Element vulnerability in Asus Aura Ready Game Software Development KIT 1.0.0.4 There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. | 7.8 |
2022-07-05 | CVE-2021-43702 | Cross-site Scripting vulnerability in Asus products ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). | 3.5 |
2022-07-01 | CVE-2022-32988 | Cross-site Scripting vulnerability in Asus Dsl-N14U-B1 Firmware 1.1.2.3805 Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. | 3.5 |