Vulnerabilities > Asus > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-22 | CVE-2022-26672 | Use of Hard-coded Credentials vulnerability in Asus Webstorage 3.10.1 ASUS WebStorage has a hardcoded API Token in the APP source code. | 9.8 |
| 2022-04-22 | CVE-2022-26674 | Use of Externally-Controlled Format String vulnerability in Asus Rt-Ax88U Firmware ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service. | 9.8 |
| 2022-03-23 | CVE-2021-45756 | Classic Buffer Overflow vulnerability in Asus Rt-Ac5300 Firmware and Rt-Ac68U Firmware Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. | 9.8 |
| 2022-03-10 | CVE-2022-22814 | Unspecified vulnerability in Asus Myasus 3.1.1.0 The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation. | 9.8 |
| 2021-12-28 | CVE-2019-20082 | Classic Buffer Overflow vulnerability in Asus Rt-N53 Firmware 3.0.0.4.376.3754 ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp. | 9.8 |
| 2021-11-19 | CVE-2021-41435 | Improper Restriction of Excessive Authentication Attempts vulnerability in Asus products A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request. | 9.8 |
| 2021-05-06 | CVE-2021-32030 | Improper Authentication vulnerability in Asus Gt-Ac2900 Firmware 3.0.0.4.386.41793 The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. | 9.8 |
| 2021-02-01 | CVE-2020-36109 | Classic Buffer Overflow vulnerability in Asus Rt-Ax86U Firmware 3.0.0.4.386.46061/3.0.0.4.38649447 ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data. | 9.8 |
| 2021-01-04 | CVE-2020-35219 | Improper Authentication vulnerability in Asus Dsl-N17U Firmware 1.1.0.2 The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings. | 9.8 |
| 2020-03-20 | CVE-2018-20334 | OS Command Injection vulnerability in Asus Asuswrt 3.0.0.4.384.20308 An issue was discovered in ASUSWRT 3.0.0.4.384.20308. | 9.8 |