Vulnerabilities > Asus

DATE CVE VULNERABILITY TITLE RISK
2022-06-20 CVE-2022-26668 Incorrect Authorization vulnerability in Asus Control Center 1.4.2.5
ASUS Control Center API has a broken access control vulnerability.
network
low complexity
asus CWE-863
6.4
6.4
2022-06-20 CVE-2022-26669 SQL Injection vulnerability in Asus Control Center 1.4.2.5
ASUS Control Center is vulnerable to SQL injection.
network
low complexity
asus CWE-89
4.0
4.0
2022-06-17 CVE-2022-31874 Command Injection vulnerability in Asus Rt-N53 Firmware 3.0.0.4.376.3754
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.
network
low complexity
asus CWE-77
7.5
7.5
2022-05-11 CVE-2021-3254 Unspecified vulnerability in Asus Dsl-N14U-B1 Firmware 1.1.2.3805
Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.
network
low complexity
asus
7.8
7.8
2022-04-22 CVE-2022-26672 Use of Hard-coded Credentials vulnerability in Asus Webstorage
ASUS WebStorage has a hardcoded API Token in the APP source code.
network
low complexity
asus CWE-798
7.5
7.5
2022-04-22 CVE-2022-26673 Cross-site Scripting vulnerability in Asus Rt-Ax88U Firmware
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter.
network
asus CWE-79
3.5
3.5
2022-04-22 CVE-2022-26674 Use of Externally-Controlled Format String vulnerability in Asus Rt-Ax88U Firmware
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.
network
low complexity
asus CWE-134
7.5
7.5
2022-04-07 CVE-2022-23970 Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter.
low complexity
asus CWE-22
4.8
4.8
2022-04-07 CVE-2022-23971 Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter.
low complexity
asus CWE-22
4.8
4.8
2022-04-07 CVE-2022-23972 SQL Injection vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation.
low complexity
asus CWE-89
5.8
5.8