Vulnerabilities > Asus > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2021-45756 Classic Buffer Overflow vulnerability in Asus Rt-Ac5300 Firmware and Rt-Ac68U Firmware
Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi.
network
low complexity
asus CWE-120
critical
9.8
2022-03-10 CVE-2022-22814 Unspecified vulnerability in Asus Myasus 3.1.1.0
The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation.
network
low complexity
asus
critical
9.8
2021-12-28 CVE-2019-20082 Classic Buffer Overflow vulnerability in Asus Rt-N53 Firmware 3.0.0.4.376.3754
ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp.
network
low complexity
asus CWE-120
critical
9.8
2021-11-19 CVE-2021-41435 Improper Restriction of Excessive Authentication Attempts vulnerability in Asus products
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
network
low complexity
asus CWE-307
critical
9.8
2021-05-06 CVE-2021-32030 Improper Authentication vulnerability in Asus Gt-Ac2900 Firmware 3.0.0.4.386.41793
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface.
network
low complexity
asus CWE-287
critical
9.8
2021-02-01 CVE-2020-36109 Classic Buffer Overflow vulnerability in Asus Rt-Ax86U Firmware 3.0.0.4.386.46061/3.0.0.4.38649447
ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data.
network
low complexity
asus CWE-120
critical
9.8
2021-01-04 CVE-2020-35219 Improper Authentication vulnerability in Asus Dsl-N17U Firmware 1.1.0.2
The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings.
network
low complexity
asus CWE-287
critical
9.8
2020-03-20 CVE-2018-20334 OS Command Injection vulnerability in Asus Asuswrt 3.0.0.4.384.20308
An issue was discovered in ASUSWRT 3.0.0.4.384.20308.
network
low complexity
asus CWE-78
critical
9.8
2019-12-20 CVE-2019-15911 Cleartext Transmission of Sensitive Information vulnerability in Asus products
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO.
network
low complexity
asus CWE-319
critical
9.8
2019-11-21 CVE-2018-8879 Out-of-bounds Write vulnerability in Asus Rt-Ac66U Firmware
Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request.
network
low complexity
asus CWE-787
critical
9.8