Vulnerabilities > Asus > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-31 CVE-2023-34360 Cross-site Scripting vulnerability in Asus Rt-Ax88U Firmware
A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After logging in to the device with regular user privileges, a remote attacker can perform a stored cross-site scripting (XSS) attack by uploading an image containing JavaScript code.
network
low complexity
asus CWE-79
5.4
2023-06-13 CVE-2023-31195 Cleartext Transmission of Sensitive Information vulnerability in Asus Rt-Ax3000 Firmware 3.0.0.4.38410177/3.0.0.4.386.46061
ASUS Router RT-AX3000 firmware versions prior to 3.0.0.4.388.23403 use sensitive cookies without the 'Secure' attribute.
network
high complexity
asus CWE-319
5.3
2023-06-12 CVE-2023-34941 Cross-site Scripting vulnerability in Asus Rt-N10Lx Firmware 2.0.0.39
A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field.
network
low complexity
asus CWE-79
5.4
2023-05-02 CVE-2023-29772 Cross-site Scripting vulnerability in Asus Rt-Ac51U Firmware 3.0.0.4.380.8228
A cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware versions up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request.
low complexity
asus CWE-79
5.2
2022-10-18 CVE-2022-36439 Unspecified vulnerability in Asus products
AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges.
local
low complexity
asus
6.0
2022-09-28 CVE-2022-38699 Link Following vulnerability in Asus Armoury Crate Service
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link.
low complexity
asus CWE-59
5.9
2022-09-26 CVE-2021-41437 Injection vulnerability in Asus Rt-Ax88U Firmware
An HTTP response splitting attack in the web application of ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that, if visited by an authenticated victim, will give access to the cloud storage of the attacker.
network
low complexity
asus CWE-74
6.5
2022-06-20 CVE-2022-26668 Incorrect Authorization vulnerability in Asus Control Center 1.4.2.5
ASUS Control Center API has a broken access control vulnerability.
network
low complexity
asus CWE-863
6.4
2022-06-20 CVE-2022-26669 SQL Injection vulnerability in Asus Control Center 1.4.2.5
ASUS Control Center is vulnerable to SQL injection.
network
low complexity
asus CWE-89
4.0
2022-04-07 CVE-2022-23970 Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter.
low complexity
asus CWE-22
4.8