Asus
Products
310 products
Recent CVEs
285

| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-6000 | | Critical | 0.73 | 9.8 | 0.84 | | Jan 22, 2018 | An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable… |
| CVE-2024-3080 | | Critical | 0.68 | 9.8 | 0.43 | | Jun 14, 2024 | Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device. |
| CVE-2013-4659 | | Critical | 0.68 | 9.8 | 0.14 | | Mar 14, 2017 | Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU. |
| CVE-2017-6548 | | Critical | 0.68 | 9.8 | 0.21 | | Mar 9, 2017 | Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with… |
| CVE-2024-42757 | | Critical | 0.64 | 9.8 | 0.01 | | Aug 15, 2024 | Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. |
| CVE-2024-33278 | | Critical | 0.64 | 9.8 | 0.01 | | Jun 24, 2024 | Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field. |
| CVE-2024-30804 | | Critical | 0.64 | 9.8 | 0.01 | | Apr 26, 2024 | An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests. |
| CVE-2018-11491 | | Critical | 0.64 | 9.8 | 0.07 | | Jul 25, 2018 | ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution. |
| CVE-2016-6558 | | Critical | 0.64 | 9.8 | 0.04 | | Jul 13, 2018 | A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode… |
| CVE-2018-8826 | | Critical | 0.64 | 9.8 | 0.04 | | Apr 20, 2018 | ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276;… |
| CVE-2018-9285 | | Critical | 0.64 | 9.8 | 0.04 | | Apr 4, 2018 | Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices… |
| CVE-2017-14698 | | Critical | 0.64 | 9.8 | 0.01 | | Jan 29, 2018 | ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd… |
| CVE-2017-11420 | | Critical | 0.64 | 9.8 | 0.06 | | Jul 18, 2017 | Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,… |
| CVE-2017-15655 | | Critical | 0.63 | 9.6 | 0.03 | | Jan 31, 2018 | Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are… |
| CVE-2025-3463 | | Critical | 0.61 | — | 0.01 | | May 9, 2025 | "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update… |
| CVE-2017-6549 | | High | 0.61 | 8.8 | 0.08 | | Mar 9, 2017 | Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers… |
| CVE-2025-59366 | | Critical | 0.60 | — | 0.15 | | Nov 25, 2025 | An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for… |
| CVE-2025-2492 | | Critical | 0.60 | — | 0.01 | | Apr 18, 2025 | An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for… |
| CVE-2018-15887 | | High | 0.58 | 8.8 | 0.04 | | Aug 27, 2018 | Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request. |
| CVE-2025-15101 | | High | 0.57 | 8.8 | 0.01 | | Mar 26, 2026 | An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter. Refer to the 'Security Update for ASUS Router Firmware' section on the… |