Vulnerabilities > Asus > RT Ax56U Firmware > 3.0.0.4.386.45898

DATE CVE VULNERABILITY TITLE RISK
2022-08-05 CVE-2022-26376 Out-of-bounds Write vulnerability in multiple products
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7..
network
low complexity
asus asuswrt-merlin CWE-787
critical
 9.8
9.8
2022-04-07 CVE-2022-23970 Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter.
low complexity
asus CWE-22
4.8
4.8
2022-04-07 CVE-2022-23971 Path Traversal vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter.
low complexity
asus CWE-22
4.8
4.8
2022-04-07 CVE-2022-23972 SQL Injection vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation.
low complexity
asus CWE-89
5.8
5.8
2022-04-07 CVE-2022-23973 Out-of-bounds Write vulnerability in Asus Rt-Ax56U Firmware 3.0.0.4.386.45898
ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length.
low complexity
asus CWE-787
5.8
5.8