Vulnerabilities > Asus > RT Ax56U Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-10-06 CVE-2021-40556 Out-of-bounds Write vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.44266
A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266.
network
low complexity
asus CWE-787
8.8
8.8
2022-08-05 CVE-2022-26376 Out-of-bounds Write vulnerability in multiple products
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7..
network
low complexity
asus asuswrt-merlin CWE-787
critical
 9.8
9.8
2022-07-05 CVE-2021-43702 Cross-site Scripting vulnerability in Asus products
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS).
network
asus CWE-79
3.5
3.5
2022-04-07 CVE-2022-23970 Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter.
low complexity
asus CWE-22
4.8
4.8
2022-04-07 CVE-2022-23971 Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter.
low complexity
asus CWE-22
4.8
4.8
2022-04-07 CVE-2022-23972 SQL Injection vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation.
low complexity
asus CWE-89
5.8
5.8
2022-04-07 CVE-2022-23973 Out-of-bounds Write vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length.
low complexity
asus CWE-787
5.8
5.8
2022-01-14 CVE-2022-22054 Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.44266
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.
low complexity
asus CWE-22
3.3
3.3
2022-01-03 CVE-2021-44158 Improper Validation of Specified Quantity in Input vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.44266
ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length.
low complexity
asus CWE-1284
8.0
8.0
2021-11-19 CVE-2021-41435 Improper Restriction of Excessive Authentication Attempts vulnerability in Asus products
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
network
low complexity
asus CWE-307
critical
 10.0
10