Vulnerabilities > Asus > High

DATE CVE VULNERABILITY TITLE RISK
2021-04-06 CVE-2021-28203 OS Command Injection vulnerability in Asus products
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter.
network
low complexity
asus CWE-78
7.2
2021-03-31 CVE-2021-26943 Unspecified vulnerability in Asus Ux360Ca Bios 303
The UX360CA BIOS through 303 on ASUS laptops allows an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3).
local
low complexity
asus
8.2
2021-02-05 CVE-2021-3229 Unspecified vulnerability in Asus Rt-Ax3000 Firmware 3.0.0.4.384_10177
Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error.
network
low complexity
asus
7.5
2021-01-18 CVE-2021-3166 Unrestricted Upload of File with Dangerous Type vulnerability in Asus Dsl-N14U B1 Firmware 1.1.2.3_805
An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices.
network
low complexity
asus CWE-434
7.5
2020-12-09 CVE-2020-29656 Forced Browsing vulnerability in Asus Rt-Ac88U Firmware 3.0.0.4.386.46061
An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108.
network
low complexity
asus CWE-425
7.5
2020-12-09 CVE-2020-29655 Injection vulnerability in Asus Rt-Ac88U Firmware 3.0.0.4.386.46061
An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108.
network
low complexity
asus CWE-74
7.5
2020-07-20 CVE-2020-15009 Untrusted Search Path vulnerability in Asus Screenpad2 Upgrade Tool 1.0.3
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
local
low complexity
asus CWE-426
7.8
2020-06-08 CVE-2020-12695 Incorrect Default Permissions vulnerability in multiple products
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
7.5
2020-06-02 CVE-2019-17603 Out-of-bounds Write vulnerability in Asus Aura Sync 1.07.71
Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
local
low complexity
asus CWE-787
7.8
2020-03-25 CVE-2020-10649 Uncontrolled Search Path Element vulnerability in Asus Device Activation
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
local
low complexity
asus CWE-427
7.8