Vulnerabilities > Asus > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-12 | CVE-2023-34942 | Out-of-bounds Write vulnerability in Asus Rt-N10Lx Firmware 2.0.0.39 Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. | 7.5 |
| 2023-06-02 | CVE-2023-28702 | OS Command Injection vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.51255 ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. | 8.8 |
| 2023-06-02 | CVE-2023-28703 | Stack-based Buffer Overflow vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.51255 ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. | 7.2 |
| 2023-02-15 | CVE-2022-42455 | Unspecified vulnerability in Asus Armoury Crate 4.1.0.8/5.3.4.0 ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. | 7.8 |
| 2023-02-03 | CVE-2021-37316 | SQL Injection vulnerability in Asus Rt-Ac68U Firmware SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | 7.5 |
| 2023-01-10 | CVE-2022-35401 | Improper Authentication vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. | 8.1 |
| 2023-01-10 | CVE-2022-38105 | Unspecified vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. | 7.5 |
| 2023-01-10 | CVE-2022-38393 | Out-of-bounds Read vulnerability in Asus Rt-Ax82U Firmware 3.0.0.4.38649674Ge182230 A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. | 7.5 |
| 2022-12-14 | CVE-2022-44898 | Out-of-bounds Write vulnerability in Asus Aura Sync 1.07.71/1.07.79 The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests. | 7.8 |
| 2022-10-19 | CVE-2020-23648 | Missing Authentication for Critical Function vulnerability in Asus Rt-N12E Firmware 2.0.0.39 Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. | 7.5 |