Vulnerabilities > Asus > RT Ac68U Firmware > 3.0.0.4.374.4755

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2021-37315 Use of Incorrectly-Resolved Name or Reference vulnerability in Asus Rt-Ac68U Firmware
Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations.
network
low complexity
asus CWE-706
critical
 9.1
9.1
2023-02-03 CVE-2021-37316 SQL Injection vulnerability in Asus Rt-Ac68U Firmware
SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow.
network
low complexity
asus CWE-89
7.5
7.5
2023-02-03 CVE-2021-37317 Path Traversal vulnerability in Asus Rt-Ac68U Firmware
Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations.
network
low complexity
asus CWE-22
critical
 9.1
9.1
2022-03-23 CVE-2021-45756 Classic Buffer Overflow vulnerability in Asus Rt-Ac5300 Firmware and Rt-Ac68U Firmware
Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi.
network
low complexity
asus CWE-120
critical
 9.8
9.8
2022-03-23 CVE-2021-45757 Classic Buffer Overflow vulnerability in Asus Rt-Ac68U Firmware
ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS).
network
low complexity
asus CWE-120
7.5
7.5
2018-05-14 CVE-2018-0582 Cross-site Scripting vulnerability in Asus Rt-Ac68U Firmware
Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
asus CWE-79
4.3
4.3
2018-04-04 CVE-2018-9285 OS Command Injection vulnerability in Asus products
Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.
network
low complexity
asus CWE-78
critical
 10.0
10
2015-02-01 CVE-2014-7270 Cross-Site Request Forgery (CSRF) vulnerability in Asus products
Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.
network
asus CWE-352
6.8
6.8
2015-02-01 CVE-2014-7269 OS Command Injection vulnerability in Asus products
ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
network
low complexity
asus CWE-78
6.5
6.5
2014-04-22 CVE-2014-2925 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.
network
t-mobile asus CWE-79
4.3
4.3