VYPR

RT-AX55

by Asus

CVEs (10)

  • CVE-2024-0401HigMay 20, 2024
    Asus
    ExpertWiFi
    risk 0.47cvss 7.2epss 0.03

    ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS…

  • CVE-2023-39780KEVSep 11, 2023
    Asus
    RT-AX55
    risk 0.15cvss epss 0.47

    On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see…

  • CVE-2023-41348Nov 3, 2023
    Asus
    RT-AX55
    risk 0.00cvss epss 0.01

    ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary…

  • CVE-2023-41347Nov 3, 2023
    Asus
    RT-AX55
    risk 0.00cvss epss 0.01

    ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary…

  • CVE-2023-41346Nov 3, 2023
    Asus
    RT-AX55
    risk 0.00cvss epss 0.01

    ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary…

  • CVE-2023-41345Nov 3, 2023
    Asus
    RT-AX55
    risk 0.00cvss epss 0.01

    ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary…

  • CVE-2023-39240Sep 7, 2023
    Asus
    RT-AX56U V2
    risk 0.00cvss epss 0.01

    It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this…

  • CVE-2023-39239Sep 7, 2023
    Asus
    RT-AX56U V2
    risk 0.00cvss epss 0.01

    It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to…

  • CVE-2023-39238Sep 7, 2023
    Asus
    RT-AX56U V2
    risk 0.00cvss epss 0.05

    It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote…

  • CVE-2021-37910Nov 12, 2021
    Asus
    RT-AX55
    risk 0.00cvss epss 0.04

    ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.