Vulnerabilities > Asus > RT Ac86U Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-28703 | Stack-based Buffer Overflow vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.51255 ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. | 7.2 |
| 2022-07-05 | CVE-2021-43702 | Cross-site Scripting vulnerability in Asus products ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). | 9.0 |
| 2022-04-07 | CVE-2022-25595 | Improper Input Validation vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.45956 ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt. | 6.5 |
| 2022-04-07 | CVE-2022-25596 | Out-of-bounds Write vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.45956 ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service. | 8.8 |
| 2022-04-07 | CVE-2022-25597 | Unspecified vulnerability in Asus Rt-Ac86U Firmware 3.0.0.4.386.45956 ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service. low complexity asus | 8.8 |
| 2021-04-12 | CVE-2021-3128 | Excessive Iteration vulnerability in Asus products In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. | 7.5 |
| 2018-04-20 | CVE-2018-8826 | Improper Input Validation vulnerability in Asus products ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2018-04-04 | CVE-2018-9285 | OS Command Injection vulnerability in Asus products Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable. | 9.8 |