VYPR

Asus

All CVEs

285 total · sorted by risk
  • CVE-2018-6000 · Critical · Jan 22, 2018
    risk 0.73 · cvss 9.8 · epss 0.84

    An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable…

  • CVE-2024-3080 · Critical · Jun 14, 2024
    risk 0.68 · cvss 9.8 · epss 0.43

    Certain ASUS router models have an authentication bypass vulnerability, allowing unauthenticated remote attackers to log in to the device.

  • CVE-2013-4659 · Critical · Mar 14, 2017
    risk 0.68 · cvss 9.8 · epss 0.14

    Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU.

  • CVE-2017-6548 · Critical · Mar 9, 2017
    risk 0.68 · cvss 9.8 · epss 0.21

    Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with…

  • CVE-2024-42757 · Critical · Aug 15, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page.

  • CVE-2024-33278 · Critical · Jun 24, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field.

  • CVE-2024-30804 · Critical · Apr 26, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 that allows an attacker to execute arbitrary code via crafted IOCTL requests.

  • CVE-2018-11491 · Critical · Jul 25, 2018
    risk 0.64 · cvss 9.8 · epss 0.07

    ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.

  • CVE-2016-6558 · Critical · Jul 13, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode…

  • CVE-2018-8826 · Critical · Apr 20, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276;…

  • CVE-2018-9285 · Critical · Apr 4, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices…

  • CVE-2017-14698 · Critical · Jan 29, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd…

  • CVE-2017-11420 · Critical · Jul 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,…

  • CVE-2017-15655 · Critical · Jan 31, 2018
    risk 0.63 · cvss 9.6 · epss 0.03

    Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are…

  • CVE-2025-3463 · Critical · May 9, 2025
    risk 0.61 · cvss n/a · epss 0.01

    "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update…

  • CVE-2017-6549 · High · Mar 9, 2017
    risk 0.61 · cvss 8.8 · epss 0.08

    Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers…

  • CVE-2025-59366 · Critical · Nov 25, 2025
    risk 0.60 · cvss n/a · epss 0.15

    An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially allowing execution of specific functions without proper authorization. Refer to the Security Update for…

  • CVE-2025-2492 · Critical · Apr 18, 2025
    risk 0.60 · cvss n/a · epss 0.01

    An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for…

  • CVE-2018-15887 · High · Aug 27, 2018
    risk 0.58 · cvss 8.8 · epss 0.04

    Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.

  • CVE-2025-15101 · High · Mar 26, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter. Refer to the 'Security Update for ASUS Router Firmware' section on the…

  • CVE-2024-33223 · High · May 22, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2018-17023 · High · Sep 13, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.

  • CVE-2018-0647 · High · Sep 7, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2016-6557 · High · Jul 13, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a…

  • CVE-2017-15656 · High · Jan 31, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Passwords are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.

  • CVE-2017-15653 · High · Jan 31, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    Improper administrator IP validation after login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user who knows the administrator session token to execute any action by using a specific User-Agent string.

  • CVE-2018-5721 · High · Jan 17, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In…

  • CVE-2017-12593 · High · Aug 18, 2017
    risk 0.57 · cvss 8.8 · epss 0.00

    ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.

  • CVE-2017-12592 · High · Aug 18, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges.

  • CVE-2017-12754 · High · Aug 9, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,…

  • CVE-2017-5891 · High · May 10, 2017
    risk 0.57 · cvss 8.8 · epss 0.00

    ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF.

  • CVE-2025-13348 · High · Feb 2, 2026
    risk 0.55 · cvss n/a · epss 0.00

    An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to…

  • CVE-2025-59373 · High · Nov 25, 2025
    risk 0.55 · cvss n/a · epss 0.00

    A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being…

  • CVE-2025-9968 · High · Oct 13, 2025
    risk 0.55 · cvss n/a · epss 0.00

    A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation. For more information, please refer to section 'Security Update…

  • CVE-2025-3464 · High · Jun 16, 2025
    risk 0.55 · cvss n/a · epss 0.01

    A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.

  • CVE-2025-3462 · High · May 9, 2025
    risk 0.55 · cvss n/a · epss 0.00

    "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security…

  • CVE-2024-12957 · High · Jan 23, 2025
    risk 0.55 · cvss n/a · epss 0.00

    A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Refer to the '01/23/2025 Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.

  • CVE-2024-33222 · High · May 22, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2024-28327 · High · Apr 26, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings.

  • CVE-2017-15654 · High · Jan 31, 2018
    risk 0.54 · cvss 8.3 · epss 0.02

    Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.

  • CVE-2025-1533 · High · May 12, 2025
    risk 0.53 · cvss n/a · epss 0.00

    A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation and may lead to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS…

  • CVE-2018-11492 · High · Aug 10, 2018
    risk 0.53 · cvss 7.5 · epss 0.11

    ASUS HG100 devices allow denial of service via an IPv4 packet flood.

  • CVE-2024-33221 · High · May 22, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2024-33218 · High · May 22, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2017-5711 · High · Nov 21, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow an attacker with local access to the system to execute arbitrary code with AMT execution privilege.

  • CVE-2017-11345 · High · Jul 17, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,…

  • CVE-2017-11344 · High · Jul 17, 2017
    risk 0.51 · cvss 7.8 · epss 0.03

    Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,…

  • CVE-2025-4569 · High · Jul 21, 2025
    risk 0.50 · cvss n/a · epss 0.00

    An insecure sensitive key storage issue was found in MyASUS, potentially allowing an unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more…

  • CVE-2025-59370 · High · Nov 25, 2025
    risk 0.49 · cvss n/a · epss 0.01

    A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router…

  • CVE-2018-17127 · High · Sep 17, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter.

Page 1 of 6