Vulnerabilities > Asus > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-25 | CVE-2018-14980 | Incorrect Permission Assignment for Critical Resource vulnerability in Asus Zenfone 3 MAX Firmware The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by ASUS or another entity in the supply chain. | 3.6 |
| 2018-12-28 | CVE-2018-14979 | Information Exposure vulnerability in Asus Zenfone 3 MAX Firmware 7.0.0.55 The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). | 1.9 |
| 2018-12-28 | CVE-2018-14992 | Unspecified vulnerability in Asus Zenfone 3 MAX Firmware 1.5.0.40 The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm (versionCode=1510500200, versionName=1.5.0.40_171122) has an exposed interface in an exported service named com.asus.dm.installer.DMInstallerService that allows any app co-located on the device to use its capabilities to download an arbitrary app over the internet and install it. | 2.1 |
| 2018-12-26 | CVE-2018-18537 | Unspecified vulnerability in Asus Aura Sync Firmware 1.07.22 The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address. | 2.1 |
| 2017-08-18 | CVE-2017-12591 | Cross-site Scripting vulnerability in Asus Dsl-N10S Firmware V2.1.16Apac ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. | 3.5 |
| 2017-01-30 | CVE-2017-5632 | Denial of Service vulnerability in Asus Rt-N56U Firmware 3.0.0.4.374979 An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. low complexity asus | 3.3 |
| 2015-12-30 | CVE-2015-7787 | Information Exposure vulnerability in Asus Wl-330Nul Firmware 3.0.0.41 ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors. | 3.3 |
| 2015-12-30 | CVE-2015-7789 | Improper Input Validation vulnerability in Asus Wl-330Nul and Wl-33Nul Firmware ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors. | 3.3 |
| 2011-11-21 | CVE-2011-4497 | Information Exposure vulnerability in Asus Rt-N56U and Rt-N56U Firmware QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request. | 3.3 |