Vulnerabilities > Asus > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-19 | CVE-2023-5716 | Missing Authentication for Critical Function vulnerability in Asus Armoury Crate ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission. | 9.8 |
| 2023-11-15 | CVE-2023-47678 | Unspecified vulnerability in Asus Rt-Ac87U Firmware An improper access control vulnerability exists in RT-AC87U all versions. | 9.1 |
| 2023-07-21 | CVE-2023-35087 | Use of Externally-Controlled Format String vulnerability in Asus Rt-Ac86U Firmware and Rt-Ax56U V2 Firmware It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. | 9.8 |
| 2023-02-26 | CVE-2023-26602 | Command Injection vulnerability in Asus Asmb8-Ikvm Firmware 1.14.51 ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. | 9.8 |
| 2023-02-03 | CVE-2021-37315 | Use of Incorrectly-Resolved Name or Reference vulnerability in Asus Rt-Ac68U Firmware Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations. | 9.1 |
| 2023-02-03 | CVE-2021-37317 | Path Traversal vulnerability in Asus Rt-Ac68U Firmware Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. | 9.1 |
| 2022-12-01 | CVE-2022-4221 | OS Command Injection vulnerability in Asus Nas-M25 Firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7. | 9.8 |
| 2022-08-05 | CVE-2022-26376 | Out-of-bounds Write vulnerability in multiple products A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. | 9.8 |
| 2022-07-05 | CVE-2021-43702 | Cross-site Scripting vulnerability in Asus products ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). | 9.0 |
| 2022-06-17 | CVE-2022-31874 | Command Injection vulnerability in Asus Rt-N53 Firmware 3.0.0.4.376.3754 ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface. | 9.8 |