Vulnerabilities > Use of Externally-Controlled Format String
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-18 | CVE-2023-41349 | Use of Externally-Controlled Format String vulnerability in Asus Rt-Ax88U Firmware ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. | 8.8 |
| 2023-09-07 | CVE-2023-39238 | Use of Externally-Controlled Format String vulnerability in Asus products It is identified a format string vulnerability in ASUS RT-AX56U V2. | 9.8 |
| 2023-09-07 | CVE-2023-39239 | Use of Externally-Controlled Format String vulnerability in Asus products It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. | 9.8 |
| 2023-09-07 | CVE-2023-39240 | Use of Externally-Controlled Format String vulnerability in Asus products It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. | 9.8 |
| 2023-09-04 | CVE-2023-4746 | Use of Externally-Controlled Format String vulnerability in Totolink N200Re-V5 Firmware 9.3.5U.6437B20230519 A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. | 8.8 |
| 2023-07-21 | CVE-2023-35087 | Use of Externally-Controlled Format String vulnerability in Asus Rt-Ac86U Firmware and Rt-Ax56U V2 Firmware It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. | 9.8 |
| 2023-07-21 | CVE-2023-35086 | Use of Externally-Controlled Format String vulnerability in Asus Rt-Ac86U Firmware and Rt-Ax56U V2 Firmware It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. | 9.8 |
| 2023-07-17 | CVE-2023-33011 | Use of Externally-Controlled Format String vulnerability in Zyxel products A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled. | 8.8 |
| 2023-06-13 | CVE-2022-43953 | Use of Externally-Controlled Format String vulnerability in Fortinet Fortios and Fortiproxy A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands. | 7.8 |
| 2023-06-07 | CVE-2023-2186 | Use of Externally-Controlled Format String vulnerability in Trianglemicroworks Scada Data Gateway On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. | 9.8 |