Vulnerabilities > Asus

DATE CVE VULNERABILITY TITLE RISK
2021-10-18 CVE-2021-42055 Incorrect Default Permissions vulnerability in Asus Ux582Lr Firmware 302
ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.
low complexity
asus CWE-276
6.8
2021-09-27 CVE-2021-40981 Uncontrolled Search Path Element vulnerability in Asus Armoury Crate Lite Service
ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory.
local
low complexity
asus CWE-427
7.3
2021-05-06 CVE-2021-32030 Improper Authentication vulnerability in Asus Gt-Ac2900 Firmware 3.0.0.4.386.41793
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface.
network
low complexity
asus CWE-287
critical
9.8
2021-04-12 CVE-2021-3128 Excessive Iteration vulnerability in Asus products
In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router.
network
low complexity
asus CWE-834
7.5
2021-04-08 CVE-2021-28686 Out-of-bounds Write vulnerability in Asus Gputweak II
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow.
local
low complexity
asus CWE-787
5.5
2021-04-08 CVE-2021-28685 Unspecified vulnerability in Asus Gputweak II
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers.
local
low complexity
asus
7.8
2021-04-06 CVE-2021-28209 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
4.9
2021-04-06 CVE-2021-28208 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
4.9
2021-04-06 CVE-2021-28207 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
4.9
2021-04-06 CVE-2021-28206 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
4.9