VYPR
Vendor

Asus

Products
310
CVEs
285
Across products
207
Status
Private

Products

310
View all 310 products →

Recent CVEs

285
View all 285 CVEs →
  • CVE-2018-6000CriJan 22, 2018
    risk 0.73cvss 9.8epss 0.84

    An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable…

  • CVE-2024-3080CriJun 14, 2024
    risk 0.68cvss 9.8epss 0.43

    Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device.

  • CVE-2013-4659CriMar 14, 2017
    risk 0.68cvss 9.8epss 0.14

    Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU.

  • CVE-2017-6548CriMar 9, 2017
    risk 0.68cvss 9.8epss 0.21

    Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with…

  • CVE-2024-42757CriAug 15, 2024
    risk 0.64cvss 9.8epss 0.01

    Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page.

  • CVE-2024-33278CriJun 24, 2024
    risk 0.64cvss 9.8epss 0.01

    Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field.

  • CVE-2024-30804CriApr 26, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests.

  • CVE-2018-11491CriJul 25, 2018
    risk 0.64cvss 9.8epss 0.07

    ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.

  • CVE-2016-6558CriJul 13, 2018
    risk 0.64cvss 9.8epss 0.04

    A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode…

  • CVE-2018-8826CriApr 20, 2018
    risk 0.64cvss 9.8epss 0.04

    ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276;…

  • CVE-2018-9285CriApr 4, 2018
    risk 0.64cvss 9.8epss 0.04

    Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices…

  • CVE-2017-14698CriJan 29, 2018
    risk 0.64cvss 9.8epss 0.01

    ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd…

  • CVE-2017-11420CriJul 18, 2017
    risk 0.64cvss 9.8epss 0.06

    Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,…

  • CVE-2017-15655CriJan 31, 2018
    risk 0.63cvss 9.6epss 0.03

    Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are…

  • CVE-2025-3463CriMay 9, 2025
    risk 0.61cvss epss 0.01

    "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update…

  • CVE-2017-6549HigMar 9, 2017
    risk 0.61cvss 8.8epss 0.08

    Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers…

  • CVE-2025-59366CriNov 25, 2025
    risk 0.60cvss epss 0.15

    An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for…

  • CVE-2025-2492CriApr 18, 2025
    risk 0.60cvss epss 0.01

    An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for…

  • CVE-2018-15887HigAug 27, 2018
    risk 0.58cvss 8.8epss 0.04

    Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.

  • CVE-2025-15101HigMar 26, 2026
    risk 0.57cvss 8.8epss 0.01

    An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter. Refer to the 'Security Update for ASUS Router Firmware' section on the…