Vulnerabilities > Asus

DATE CVE VULNERABILITY TITLE RISK
2022-03-01 CVE-2022-22262 Link Following vulnerability in Asus ROG Live Service
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability.
local
low complexity
asus CWE-59
7.7
2022-02-17 CVE-2021-46247 Use of Hard-coded Credentials vulnerability in Asus Cmax6000 Firmware 1.02.00
The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00.
network
low complexity
asus CWE-798
7.5
2022-01-21 CVE-2022-21933 Out-of-bounds Write vulnerability in Asus products
ASUS VivoMini/Mini PC device has an improper input validation vulnerability.
local
low complexity
asus CWE-787
7.8
2022-01-14 CVE-2022-22054 Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.44266
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.
low complexity
asus CWE-22
6.5
2022-01-03 CVE-2021-46109 Cross-site Scripting vulnerability in Asus Rt-Ac52U B1 Firmware 3.0.0.4.380.10931
Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931 can lead to a user session hijack.
network
low complexity
asus CWE-79
6.1
2022-01-03 CVE-2021-44158 Improper Validation of Specified Quantity in Input vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.44266
ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length.
low complexity
asus CWE-1284
8.0
2021-12-28 CVE-2019-20082 Classic Buffer Overflow vulnerability in Asus Rt-N53 Firmware 3.0.0.4.376.3754
ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp.
network
low complexity
asus CWE-120
critical
9.8
2021-11-19 CVE-2021-41435 Improper Restriction of Excessive Authentication Attempts vulnerability in Asus products
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
network
low complexity
asus CWE-307
critical
9.8
2021-11-19 CVE-2021-41436 HTTP Request Smuggling vulnerability in Asus products
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet.
network
low complexity
asus CWE-444
7.5
2021-11-12 CVE-2021-37910 Unspecified vulnerability in Asus products
ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.
network
low complexity
asus
5.3