Vulnerabilities > Asus > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-08-26 CVE-2020-15499 Cross-site Scripting vulnerability in Asus Rt-Ac1900P Firmware 3.0.0.4.385.10000/3.0.0.4.385.20252
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253.
network
low complexity
asus CWE-79
6.1
2020-08-26 CVE-2020-15498 Improper Certificate Validation vulnerability in Asus Rt-Ac1900P Firmware 3.0.0.4.385.10000/3.0.0.4.385.20252
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253.
network
high complexity
asus CWE-295
5.9
2020-02-27 CVE-2018-8878 Information Exposure vulnerability in multiple products
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page.
network
low complexity
asuswrt-merlin asus CWE-200
5.3
2020-02-27 CVE-2018-8877 Information Exposure vulnerability in multiple products
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page.
network
low complexity
asus asuswrt-merlin CWE-200
5.3
2020-01-28 CVE-2020-7997 Cross-site Scripting vulnerability in Asus Rt-Ac66U Firmware 3.0.0.4.37267
ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature.
network
low complexity
asus CWE-79
6.1
2019-11-14 CVE-2019-15392 Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware
The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.
local
low complexity
asus
5.5
2019-11-14 CVE-2019-15391 Unspecified vulnerability in Asus Zenfone 4 Selfie Firmware
The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.
local
low complexity
asus
5.5
2019-10-20 CVE-2019-18216 Unspecified vulnerability in Asus ROG Zephyrus M Gm501Gs Firmware
The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited.
low complexity
asus
6.8
2019-05-13 CVE-2018-14712 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010
Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter.
network
low complexity
asus CWE-119
6.5
2019-05-13 CVE-2018-14711 Cross-Site Request Forgery (CSRF) vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010
Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.
network
low complexity
asus CWE-352
6.5