Vulnerabilities > Asus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-31 | CVE-2023-34360 | Unspecified vulnerability in Asus Rt-Ax88U Firmware A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code. | 5.4 |
| 2023-06-13 | CVE-2023-31195 | Cleartext Transmission of Sensitive Information vulnerability in Asus Rt-Ax3000 Firmware ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. | 5.3 |
| 2023-06-12 | CVE-2023-34941 | Cross-site Scripting vulnerability in Asus Rt-N10Lx Firmware 2.0.0.39 A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. | 5.4 |
| 2023-05-02 | CVE-2023-29772 | Cross-site Scripting vulnerability in Asus Rt-Ac51U Firmware 3.0.0.4.380.8228/3.0.0.4.380.8591 A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. | 5.2 |
| 2022-10-18 | CVE-2022-36439 | Unspecified vulnerability in Asus products AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. | 6.0 |
| 2022-09-26 | CVE-2021-41437 | Injection vulnerability in Asus Rt-Ax88U Firmware An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker. | 6.5 |
| 2022-07-01 | CVE-2022-32988 | Cross-site Scripting vulnerability in Asus Dsl-N14U-B1 Firmware 1.1.2.3805 Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. | 5.4 |
| 2022-06-20 | CVE-2022-26668 | Incorrect Authorization vulnerability in Asus Control Center 1.4.2.5 ASUS Control Center API has a broken access control vulnerability. | 6.5 |
| 2022-06-20 | CVE-2022-26669 | SQL Injection vulnerability in Asus Control Center 1.4.2.5 ASUS Control Center is vulnerable to SQL injection. | 6.5 |
| 2022-04-07 | CVE-2022-25595 | Improper Input Validation vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.45956 ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt. | 6.5 |