Vulnerabilities > Asus > RT Ac3200

DATE CVE VULNERABILITY TITLE RISK
2020-03-20 CVE-2018-20335 Improper Input Validation vulnerability in Asus Asuswrt 3.0.0.4.384.20308
An issue was discovered in ASUSWRT 3.0.0.4.384.20308.
network
low complexity
asus CWE-20
7.8
7.8
2020-03-20 CVE-2018-20334 OS Command Injection vulnerability in Asus Asuswrt 3.0.0.4.384.20308
An issue was discovered in ASUSWRT 3.0.0.4.384.20308.
network
low complexity
asus CWE-78
critical
 10.0
10
2020-03-20 CVE-2018-20333 Information Exposure vulnerability in Asus Asuswrt 3.0.0.4.384.20308
An issue was discovered in ASUSWRT 3.0.0.4.384.20308.
network
low complexity
asus CWE-200
5.0
5.0
2019-05-13 CVE-2018-14714 Unspecified vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.
network
low complexity
asus
critical
 10.0
10
2019-05-13 CVE-2018-14713 Use of Externally-Controlled Format String vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010
Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter.
network
low complexity
asus CWE-134
5.5
5.5
2019-05-13 CVE-2018-14712 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010
Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter.
network
low complexity
asus CWE-119
4.0
4.0
2019-05-13 CVE-2018-14711 Cross-Site Request Forgery (CSRF) vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010
Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.
network
asus CWE-352
4.3
4.3
2019-05-13 CVE-2018-14710 Cross-site Scripting vulnerability in Asus Rt-Ac3200 Firmware 3.0.0.4.382.50010
Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter.
network
asus CWE-79
4.3
4.3