Vulnerabilities > Asus > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-22 | CVE-2014-2925 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi. | 4.3 |
2014-04-22 | CVE-2014-2719 | Information Exposure vulnerability in multiple products Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. | 6.3 |
2014-01-15 | CVE-2013-7293 | Improper Access Control vulnerability in Asus Wl-330Nul The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. | 5.0 |
2013-10-05 | CVE-2013-3610 | Improper Authentication vulnerability in Asus Rt-N10E and Rt-N10E Firmware qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request. | 6.1 |
2009-02-20 | CVE-2009-0656 | Credentials Management vulnerability in Asus Smartlogon 1.0.0005 Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypass "security functions" by presenting an image with a modified viewpoint that matches the posture of a stored image of the authorized notebook user. | 6.9 |
2005-11-04 | CVE-2005-3490 | Directory Traversal vulnerability in Asus VideoSecurity Online Web Server Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL. | 5.0 |