Vulnerabilities > Asus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-07 | CVE-2022-23971 | Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898 ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. | 4.8 |
| 2022-04-07 | CVE-2022-23972 | SQL Injection vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898 ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. | 5.8 |
| 2022-04-07 | CVE-2022-23973 | Out-of-bounds Write vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898 ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. | 5.8 |
| 2022-04-07 | CVE-2022-25595 | Improper Input Validation vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.45956 ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt. | 6.1 |
| 2022-04-07 | CVE-2022-25596 | Out-of-bounds Write vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.45956 ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service. | 5.8 |
| 2022-02-17 | CVE-2021-46247 | Use of Hard-coded Credentials vulnerability in Asus Cmax6000 Firmware 1.02.00 The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00. | 5.0 |
| 2022-01-03 | CVE-2021-46109 | Cross-site Scripting vulnerability in Asus Rt-Ac52U B1 Firmware 3.0.0.4.380.10931 Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931 can lead to a user session hijack. | 4.3 |
| 2021-11-12 | CVE-2021-37910 | Improper Control of Interaction Frequency vulnerability in Asus products ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames. | 5.0 |
| 2021-10-18 | CVE-2021-42055 | Incorrect Default Permissions vulnerability in Asus Ux582Lr Firmware ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker. | 4.6 |
| 2021-09-27 | CVE-2021-40981 | Uncontrolled Search Path Element vulnerability in Asus Armoury Crate Lite Service ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory. | 4.4 |