Vulnerabilities > Asus > RT Ax88U Firmware > 3.0.0.4.384.5329
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-18 | CVE-2023-41349 | Use of Externally-Controlled Format String vulnerability in Asus Rt-Ax88U Firmware ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. | 8.8 |
2023-07-31 | CVE-2023-34360 | Cross-site Scripting vulnerability in Asus Rt-Ax88U Firmware A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code. | 5.4 |
2023-07-31 | CVE-2023-34358 | Out-of-bounds Read vulnerability in Asus Rt-Ax88U Firmware ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. | 7.5 |
2023-07-31 | CVE-2023-34359 | Out-of-bounds Read vulnerability in Asus Rt-Ax88U Firmware ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. | 7.5 |
2022-09-26 | CVE-2021-41437 | Injection vulnerability in Asus Rt-Ax88U Firmware An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker. | 6.5 |
2022-04-22 | CVE-2022-26673 | Cross-site Scripting vulnerability in Asus Rt-Ax88U Firmware ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. | 3.5 |
2022-04-22 | CVE-2022-26674 | Use of Externally-Controlled Format String vulnerability in Asus Rt-Ax88U Firmware ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service. | 7.5 |