Vendor CVEs
Asus
All CVEs
285 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-6000 | Cri | 0.73 | 9.8 | 0.84 | Jan 22, 2018 | An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable… | ||
| CVE-2024-3080 | Cri | 0.68 | 9.8 | 0.43 | Jun 14, 2024 | Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device. | ||
| CVE-2013-4659 | Cri | 0.68 | 9.8 | 0.14 | Mar 14, 2017 | Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU. | ||
| CVE-2017-6548 | Cri | 0.68 | 9.8 | 0.21 | Mar 9, 2017 | Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with… | ||
| CVE-2024-42757 | Cri | 0.64 | 9.8 | 0.01 | Aug 15, 2024 | Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. | ||
| CVE-2024-33278 | Cri | 0.64 | 9.8 | 0.01 | Jun 24, 2024 | Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field. | ||
| CVE-2024-30804 | Cri | 0.64 | 9.8 | 0.01 | Apr 26, 2024 | An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests. | ||
| CVE-2018-11491 | Cri | 0.64 | 9.8 | 0.07 | Jul 25, 2018 | ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution. | ||
| CVE-2016-6558 | Cri | 0.64 | 9.8 | 0.04 | Jul 13, 2018 | A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode… | ||
| CVE-2018-8826 | Cri | 0.64 | 9.8 | 0.04 | Apr 20, 2018 | ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276;… | ||
| CVE-2018-9285 | Cri | 0.64 | 9.8 | 0.04 | Apr 4, 2018 | Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices… | ||
| CVE-2017-14698 | Cri | 0.64 | 9.8 | 0.01 | Jan 29, 2018 | ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd… | ||
| CVE-2017-11420 | Cri | 0.64 | 9.8 | 0.06 | Jul 18, 2017 | Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,… | ||
| CVE-2017-15655 | Cri | 0.63 | 9.6 | 0.03 | Jan 31, 2018 | Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are… | ||
| CVE-2025-3463 | Cri | 0.61 | — | 0.01 | May 9, 2025 | "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update… | ||
| CVE-2017-6549 | Hig | 0.61 | 8.8 | 0.08 | Mar 9, 2017 | Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers… | ||
| CVE-2025-59366 | Cri | 0.60 | — | 0.15 | Nov 25, 2025 | An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for… | ||
| CVE-2025-2492 | Cri | 0.60 | — | 0.01 | Apr 18, 2025 | An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for… | ||
| CVE-2018-15887 | Hig | 0.58 | 8.8 | 0.04 | Aug 27, 2018 | Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request. | ||
| CVE-2025-15101 | Hig | 0.57 | 8.8 | 0.01 | Mar 26, 2026 | An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter. Refer to the 'Security Update for ASUS Router Firmware' section on the… | ||
| CVE-2024-33223 | Hig | 0.57 | 8.8 | 0.00 | May 22, 2024 | An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | ||
| CVE-2018-17023 | Hig | 0.57 | 8.8 | 0.01 | Sep 13, 2018 | Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. | ||
| CVE-2018-0647 | Hig | 0.57 | 8.8 | 0.01 | Sep 7, 2018 | Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||
| CVE-2016-6557 | Hig | 0.57 | 8.8 | 0.01 | Jul 13, 2018 | In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a… | ||
| CVE-2017-15656 | Hig | 0.57 | 8.8 | 0.01 | Jan 31, 2018 | Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. | ||
| CVE-2017-15653 | Hig | 0.57 | 8.8 | 0.02 | Jan 31, 2018 | Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. | ||
| CVE-2018-5721 | Hig | 0.57 | 8.8 | 0.02 | Jan 17, 2018 | Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In… | ||
| CVE-2017-12593 | Hig | 0.57 | 8.8 | 0.00 | Aug 18, 2017 | ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. | ||
| CVE-2017-12592 | Hig | 0.57 | 8.8 | 0.01 | Aug 18, 2017 | ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. | ||
| CVE-2017-12754 | Hig | 0.57 | 8.8 | 0.03 | Aug 9, 2017 | Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,… | ||
| CVE-2017-5891 | Hig | 0.57 | 8.8 | 0.00 | May 10, 2017 | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF. | ||
| CVE-2025-13348 | Hig | 0.55 | — | 0.00 | Feb 2, 2026 | An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to… | ||
| CVE-2025-59373 | Hig | 0.55 | — | 0.00 | Nov 25, 2025 | A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being… | ||
| CVE-2025-9968 | Hig | 0.55 | — | 0.00 | Oct 13, 2025 | A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation. For more information, please refer to section 'Security Update… | ||
| CVE-2025-3464 | Hig | 0.55 | — | 0.01 | Jun 16, 2025 | A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. | ||
| CVE-2025-3462 | Hig | 0.55 | — | 0.00 | May 9, 2025 | "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security… | ||
| CVE-2024-12957 | Hig | 0.55 | — | 0.00 | Jan 23, 2025 | A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Refer to the '01/23/2025 Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. | ||
| CVE-2024-33222 | Hig | 0.55 | 8.4 | 0.00 | May 22, 2024 | An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | ||
| CVE-2024-28327 | Hig | 0.55 | 8.4 | 0.00 | Apr 26, 2024 | Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings. | ||
| CVE-2017-15654 | Hig | 0.54 | 8.3 | 0.02 | Jan 31, 2018 | Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. | ||
| CVE-2025-1533 | Hig | 0.53 | — | 0.00 | May 12, 2025 | A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS… | ||
| CVE-2018-11492 | Hig | 0.53 | 7.5 | 0.11 | Aug 10, 2018 | ASUS HG100 devices allow denial of service via an IPv4 packet flood. | ||
| CVE-2024-33221 | Hig | 0.51 | 7.8 | 0.00 | May 22, 2024 | An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | ||
| CVE-2024-33218 | Hig | 0.51 | 7.8 | 0.00 | May 22, 2024 | An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | ||
| CVE-2017-5711 | Hig | 0.51 | 7.8 | 0.01 | Nov 21, 2017 | Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege. | ||
| CVE-2017-11345 | Hig | 0.51 | 7.8 | 0.02 | Jul 17, 2017 | Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,… | ||
| CVE-2017-11344 | Hig | 0.51 | 7.8 | 0.03 | Jul 17, 2017 | Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,… | ||
| CVE-2025-4569 | Hig | 0.50 | — | 0.00 | Jul 21, 2025 | An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more… | ||
| CVE-2025-59370 | Hig | 0.49 | — | 0.01 | Nov 25, 2025 | A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router… | ||
| CVE-2018-17127 | Hig | 0.49 | 7.5 | 0.01 | Sep 17, 2018 | blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter. |
- risk 0.73cvss 9.8epss 0.84
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable…
- risk 0.68cvss 9.8epss 0.43
Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device.
- risk 0.68cvss 9.8epss 0.14
Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU.
- risk 0.68cvss 9.8epss 0.21
Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with…
- risk 0.64cvss 9.8epss 0.01
Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page.
- risk 0.64cvss 9.8epss 0.01
Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field.
- risk 0.64cvss 9.8epss 0.01
An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests.
- risk 0.64cvss 9.8epss 0.07
ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.
- risk 0.64cvss 9.8epss 0.04
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode…
- risk 0.64cvss 9.8epss 0.04
ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276;…
- risk 0.64cvss 9.8epss 0.04
Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices…
- risk 0.64cvss 9.8epss 0.01
ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd…
- risk 0.64cvss 9.8epss 0.06
Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,…
- risk 0.63cvss 9.6epss 0.03
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are…
- risk 0.61cvss —epss 0.01
"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update…
- risk 0.61cvss 8.8epss 0.08
Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers…
- risk 0.60cvss —epss 0.15
An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for…
- risk 0.60cvss —epss 0.01
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for…
- risk 0.58cvss 8.8epss 0.04
Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.
- risk 0.57cvss 8.8epss 0.01
An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter. Refer to the 'Security Update for ASUS Router Firmware' section on the…
- risk 0.57cvss 8.8epss 0.00
An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a…
- risk 0.57cvss 8.8epss 0.01
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
- risk 0.57cvss 8.8epss 0.02
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.
- risk 0.57cvss 8.8epss 0.02
Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In…
- risk 0.57cvss 8.8epss 0.00
ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.
- risk 0.57cvss 8.8epss 0.01
ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges.
- risk 0.57cvss 8.8epss 0.03
Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,…
- risk 0.57cvss 8.8epss 0.00
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF.
- risk 0.55cvss —epss 0.00
An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to…
- risk 0.55cvss —epss 0.00
A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being…
- risk 0.55cvss —epss 0.00
A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation. For more information, please refer to section 'Security Update…
- risk 0.55cvss —epss 0.01
A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
- risk 0.55cvss —epss 0.00
"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security…
- risk 0.55cvss —epss 0.00
A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Refer to the '01/23/2025 Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
- risk 0.55cvss 8.4epss 0.00
An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
- risk 0.55cvss 8.4epss 0.00
Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings.
- risk 0.54cvss 8.3epss 0.02
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
- risk 0.53cvss —epss 0.00
A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS…
- risk 0.53cvss 7.5epss 0.11
ASUS HG100 devices allow denial of service via an IPv4 packet flood.
- risk 0.51cvss 7.8epss 0.00
An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
- risk 0.51cvss 7.8epss 0.00
An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
- risk 0.51cvss 7.8epss 0.01
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
- risk 0.51cvss 7.8epss 0.02
Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,…
- risk 0.51cvss 7.8epss 0.03
Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,…
- risk 0.50cvss —epss 0.00
An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more…
- risk 0.49cvss —epss 0.01
A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router…
- risk 0.49cvss 7.5epss 0.01
blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter.
Page 1 of 6