Vulnerabilities > Asus > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-26 | CVE-2020-15499 | Cross-site Scripting vulnerability in Asus Rt-Ac1900P Firmware 3.0.0.4.385.10000/3.0.0.4.385.20252 An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. | 6.1 |
2020-08-26 | CVE-2020-15498 | Improper Certificate Validation vulnerability in Asus Rt-Ac1900P Firmware 3.0.0.4.385.10000/3.0.0.4.385.20252 An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. | 5.9 |
2020-02-27 | CVE-2018-8878 | Information Exposure vulnerability in multiple products Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page. | 5.3 |
2020-02-27 | CVE-2018-8877 | Information Exposure vulnerability in multiple products Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page. | 5.3 |
2020-01-28 | CVE-2020-7997 | Cross-site Scripting vulnerability in Asus Rt-Ac66U Firmware 3.0.0.4.37267 ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature. | 6.1 |
2019-11-14 | CVE-2019-15392 | Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-11-14 | CVE-2019-15391 | Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | 5.5 |
2019-10-20 | CVE-2019-18216 | Unspecified vulnerability in Asus ROG Zephyrus M Gm501Gs Firmware The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. low complexity asus | 6.8 |
2019-05-13 | CVE-2018-14712 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010 Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter. | 6.5 |
2019-05-13 | CVE-2018-14711 | Cross-Site Request Forgery (CSRF) vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010 Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs. | 6.5 |