Vulnerabilities > Asus > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-20 | CVE-2018-20335 | Improper Input Validation vulnerability in Asus Asuswrt 3.0.0.4.384.20308 An issue was discovered in ASUSWRT 3.0.0.4.384.20308. | 7.5 |
| 2020-03-20 | CVE-2018-20333 | Information Exposure vulnerability in Asus Asuswrt 3.0.0.4.384.20308 An issue was discovered in ASUSWRT 3.0.0.4.384.20308. | 7.5 |
| 2020-01-28 | CVE-2013-3093 | Cross-Site Request Forgery (CSRF) vulnerability in Asus products ASUS RT-N56U devices allow CSRF. | 8.8 |
| 2019-12-20 | CVE-2019-15912 | Improper Input Validation vulnerability in Asus products An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. | 7.5 |
| 2019-12-20 | CVE-2019-15910 | Improper Input Validation vulnerability in Asus products An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. | 7.5 |
| 2019-12-18 | CVE-2019-19235 | Uncontrolled Search Path Element vulnerability in Asus ATK Package AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. | 7.0 |
| 2019-11-14 | CVE-2019-15419 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus X105D Firmware The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. | 7.8 |
| 2019-11-14 | CVE-2019-15418 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Asus Pegasus 4 MAX Firmware and Pegasus 4A Firmware The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. | 7.8 |
| 2019-11-14 | CVE-2019-15414 | Unspecified vulnerability in Asus Zenfone AR Firmware The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |
| 2019-11-14 | CVE-2019-15413 | Unspecified vulnerability in Asus Zenfone 3 Ultra Firmware The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. | 7.8 |