Vulnerabilities > Asus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-14 | CVE-2018-18291 | Cross-site Scripting vulnerability in Asus Rt-Ac58U Firmware 3.0.0.4.380.6516 A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp. | 4.3 |
| 2018-10-14 | CVE-2018-18287 | Information Exposure vulnerability in Asus Rt-Ac58U Firmware 3.0.0.4.380.6516 On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page. | 5.0 |
| 2018-09-13 | CVE-2018-17023 | Cross-Site Request Forgery (CSRF) vulnerability in Asus Gt-Ac5300 Firmware Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. | 6.8 |
| 2018-09-13 | CVE-2018-17021 | Cross-site Scripting vulnerability in Asus Gt-Ac5300 Firmware Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter. | 4.3 |
| 2018-09-07 | CVE-2018-0647 | Cross-Site Request Forgery (CSRF) vulnerability in Asus Wl-330Nul Firmware 3.0.0.41 Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |
| 2018-08-27 | CVE-2018-15887 | OS Command Injection vulnerability in Asus Dsl-N12E C1 Firmware 1.1.2.3345 Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request. | 6.5 |
| 2018-07-13 | CVE-2016-6557 | Cross-Site Request Forgery (CSRF) vulnerability in Asus products In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. | 6.8 |
| 2018-05-14 | CVE-2018-0583 | Cross-site Scripting vulnerability in Asus Rt-Ac1200Hp Firmware Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2018-05-14 | CVE-2018-0582 | Cross-site Scripting vulnerability in Asus Rt-Ac68U Firmware Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2018-05-14 | CVE-2018-0581 | Cross-site Scripting vulnerability in Asus Rt-Ac87U Firmware 3.0.0.4.378.3754 Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |