Vulnerabilities > Asus > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-14 CVE-2022-22054 Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.44266
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.
low complexity
asus CWE-22
6.5
2022-01-03 CVE-2021-46109 Cross-site Scripting vulnerability in Asus Rt-Ac52U B1 Firmware 3.0.0.4.380.10931
Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931 can lead to a user session hijack.
network
low complexity
asus CWE-79
6.1
2021-11-12 CVE-2021-37910 Unspecified vulnerability in Asus products
ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.
network
low complexity
asus
5.3
2021-10-18 CVE-2021-42055 Incorrect Default Permissions vulnerability in Asus Ux582Lr Firmware 302
ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.
low complexity
asus CWE-276
6.8
2021-04-08 CVE-2021-28686 Out-of-bounds Write vulnerability in Asus Gputweak II
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow.
local
low complexity
asus CWE-787
5.5
2021-04-06 CVE-2021-28209 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
4.9
2021-04-06 CVE-2021-28208 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
4.9
2021-04-06 CVE-2021-28207 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
4.9
2021-04-06 CVE-2021-28206 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
4.9
2021-04-06 CVE-2021-28205 Path Traversal vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter.
network
low complexity
asus CWE-22
4.9