Vulnerabilities > Asus > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-01-19 CVE-2023-5716 Unspecified vulnerability in Asus Armoury Crate
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission.
network
low complexity
asus
critical
9.8
2023-11-15 CVE-2023-47678 Unspecified vulnerability in Asus Rt-Ac87U Firmware
An improper access control vulnerability exists in RT-AC87U all versions.
network
low complexity
asus
critical
9.1
2023-02-26 CVE-2023-26602 Command Injection vulnerability in Asus Asmb8-Ikvm Firmware 1.14.51
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.
network
low complexity
asus CWE-77
critical
9.8
2023-02-03 CVE-2021-37315 Use of Incorrectly-Resolved Name or Reference vulnerability in Asus Rt-Ac68U Firmware
Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations.
network
low complexity
asus CWE-706
critical
9.1
2023-02-03 CVE-2021-37317 Path Traversal vulnerability in Asus Rt-Ac68U Firmware
Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations.
network
low complexity
asus CWE-22
critical
9.1
2022-12-01 CVE-2022-4221 OS Command Injection vulnerability in Asus Nas-M25 Firmware
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.
network
low complexity
asus CWE-78
critical
9.8
2022-08-05 CVE-2022-26376 A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7..
network
low complexity
asus asuswrt-merlin
critical
9.8
2022-07-05 CVE-2021-43702 Cross-site Scripting vulnerability in Asus products
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
asus CWE-79
critical
9.0
2022-06-17 CVE-2022-31874 Command Injection vulnerability in Asus Rt-N53 Firmware 3.0.0.4.376.3754
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.
network
low complexity
asus CWE-77
critical
9.8
2022-04-22 CVE-2022-26672 Use of Hard-coded Credentials vulnerability in Asus Webstorage 3.10.1
ASUS WebStorage has a hardcoded API Token in the APP source code.
network
low complexity
asus CWE-798
critical
9.8