Vulnerabilities > Asus > High

DATE CVE VULNERABILITY TITLE RISK
2017-11-21 CVE-2017-5711 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
local
low complexity
intel asus siemens CWE-119
7.8
7.8
2017-08-18 CVE-2017-12593 Cross-Site Request Forgery (CSRF) vulnerability in Asus Dsl-N10S Firmware V2.1.16Apac
ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.
network
low complexity
asus CWE-352
8.8
8.8
2017-08-18 CVE-2017-12592 Unspecified vulnerability in Asus Dsl-N10S Firmware V2.1.16Apac
ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability.
network
low complexity
asus
8.8
8.8
2017-05-10 CVE-2017-5892 Information Exposure vulnerability in Asus Rt-Ac1750 Firmware 3.0.0.4.380.7266
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map.
network
low complexity
asus CWE-200
7.5
7.5
2017-05-10 CVE-2017-5891 Cross-Site Request Forgery (CSRF) vulnerability in Asus Rt-Ac1750 Firmware 3.0.0.4.380.7266
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF.
network
low complexity
asus CWE-352
8.8
8.8
2017-03-09 CVE-2017-6549 Improper Authentication vulnerability in Asus Rt-Ac53 Firmware 3.0.0.4.380.6038
Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers.
network
low complexity
asus CWE-287
8.8
8.8
2015-12-30 CVE-2015-7788 Permissions, Privileges, and Access Controls vulnerability in Asus Wl-330Nul Firmware 3.0.0.41
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
asus CWE-264
7.3
7.3