Vulnerabilities > Asus > High

DATE CVE VULNERABILITY TITLE RISK
2024-06-14 CVE-2024-31161 Unrestricted Upload of File with Dangerous Type vulnerability in Asus Download Master
The upload functionality of ASUS Download Master does not properly filter user input.
network
low complexity
asus CWE-434
7.2
7.2
2023-11-03 CVE-2023-41345 OS Command Injection vulnerability in Asus Rt-Ax55 Firmware 3.0.0.4.386.51598
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module.
network
low complexity
asus CWE-78
8.8
8.8
2023-11-03 CVE-2023-41346 OS Command Injection vulnerability in Asus Rt-Ax55 Firmware 3.0.0.4.386.51598
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module.
network
low complexity
asus CWE-78
8.8
8.8
2023-11-03 CVE-2023-41347 OS Command Injection vulnerability in Asus Rt-Ax55 Firmware 3.0.0.4.386.51598
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module.
network
low complexity
asus CWE-78
8.8
8.8
2023-11-03 CVE-2023-41348 OS Command Injection vulnerability in Asus Rt-Ax55 Firmware 3.0.0.4.386.51598
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module.
network
low complexity
asus CWE-78
8.8
8.8
2023-09-18 CVE-2023-41349 Use of Externally-Controlled Format String vulnerability in Asus Rt-Ax88U Firmware
ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function.
network
low complexity
asus CWE-134
8.8
8.8
2023-09-11 CVE-2023-39780 Command Injection vulnerability in Asus Rt-Ax55 Firmware 3.0.0.4.386.51598
ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability.
network
low complexity
asus CWE-77
8.8
8.8
2023-09-07 CVE-2023-39238 Use of Externally-Controlled Format String vulnerability in Asus products
It is identified a format string vulnerability in ASUS RT-AX56U V2.
network
low complexity
asus CWE-134
7.2
7.2
2023-09-07 CVE-2023-39239 Use of Externally-Controlled Format String vulnerability in Asus products
It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API.
network
low complexity
asus CWE-134
7.2
7.2
2023-09-07 CVE-2023-39240 Use of Externally-Controlled Format String vulnerability in Asus products
It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API.
network
low complexity
asus CWE-134
7.2
7.2