Vulnerabilities > Asus > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-21 | CVE-2022-21933 | Out-of-bounds Write vulnerability in Asus products ASUS VivoMini/Mini PC device has an improper input validation vulnerability. | 7.8 |
| 2022-01-03 | CVE-2021-44158 | Improper Validation of Specified Quantity in Input vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.44266 ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. | 8.0 |
| 2021-11-19 | CVE-2021-41436 | HTTP Request Smuggling vulnerability in Asus products An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. | 7.5 |
| 2021-09-27 | CVE-2021-40981 | Uncontrolled Search Path Element vulnerability in Asus Armoury Crate Lite Service ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory. | 7.3 |
| 2021-04-12 | CVE-2021-3128 | Excessive Iteration vulnerability in Asus products In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. | 7.5 |
| 2021-04-08 | CVE-2021-28685 | Unspecified vulnerability in Asus Gputweak II AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers. | 7.8 |
| 2021-04-06 | CVE-2021-28204 | OS Command Injection vulnerability in Asus products The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. | 7.2 |
| 2021-04-06 | CVE-2021-28203 | OS Command Injection vulnerability in Asus products The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. | 7.2 |
| 2021-03-31 | CVE-2021-26943 | Unspecified vulnerability in Asus Ux360Ca Bios 303 The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3). | 8.2 |
| 2021-02-05 | CVE-2021-3229 | Unspecified vulnerability in Asus Rt-Ax3000 Firmware 3.0.0.4.38410177 Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error. | 7.5 |