Vulnerabilities > Asus > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-15 | CVE-2022-42455 | Unspecified vulnerability in Asus Armoury Crate 4.1.0.8/5.3.4.0 ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. | 7.8 |
| 2023-02-03 | CVE-2021-37316 | SQL Injection vulnerability in Asus Rt-Ac68U Firmware SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | 7.5 |
| 2023-01-10 | CVE-2022-35401 | Improper Authentication vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. | 8.1 |
| 2023-01-10 | CVE-2022-38105 | Unspecified vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. | 7.5 |
| 2023-01-10 | CVE-2022-38393 | Unspecified vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. | 7.5 |
| 2022-12-14 | CVE-2022-44898 | Out-of-bounds Write vulnerability in Asus Aura Sync 1.07.71/1.07.79 The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests. | 7.8 |
| 2022-10-19 | CVE-2020-23648 | Missing Authentication for Critical Function vulnerability in Asus Rt-N12E Firmware 2.0.0.39 Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. | 7.5 |
| 2022-10-18 | CVE-2022-36438 | Incorrect Default Permissions vulnerability in Asus Asusswitch and System Control Interface AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). | 7.8 |
| 2022-10-06 | CVE-2021-40556 | Out-of-bounds Write vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.44266 A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. | 8.8 |
| 2022-07-21 | CVE-2022-35899 | Unquoted Search Path or Element vulnerability in Asus Aura Ready Game Software Development KIT 1.0.0.4 There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. | 7.8 |