Asus

All CVEs

285 total · sorted by risk
  • CVE-2018-17020 · High · Sep 13, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a single "GET / HTTP/1.1\r\n" line.

  • CVE-2017-5892 · High · May 10, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map.

  • CVE-2015-7788 · High · Dec 30, 2015
    risk 0.48 · cvss 7.3 · epss 0.02

    ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors.

  • CVE-2026-8070 · High · May 29, 2026
    risk 0.47 · cvss · epss 0.00

    Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory. Refer to the 'Security Update for Armoury Crate App' section on…

  • CVE-2026-7480 · High · May 29, 2026
    risk 0.47 · cvss · epss 0.00

    An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypasses the validation mechanism. Refer to the 'Security Update for…

  • CVE-2025-9338 · High · Nov 6, 2025
    risk 0.47 · cvss · epss 0.00

    An improper restriction of operations within the bounds of a memory buffer exists in the AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process, potentially leading to local privilege escalation. For additional information, please…

  • CVE-2024-13062 · High · Jan 2, 2025
    risk 0.47 · cvss 7.2 · epss 0.01

    An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.

  • CVE-2024-12912 · High · Jan 2, 2025
    risk 0.47 · cvss 7.2 · epss 0.01

    An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.

  • CVE-2024-31163 · High · Jun 14, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.

  • CVE-2024-31162 · High · Jun 14, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device.

  • CVE-2024-0401 · High · May 20, 2024
    risk 0.47 · cvss 7.2 · epss 0.01

    ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS…

  • CVE-2018-17022 · High · Sep 13, 2018
    risk 0.47 · cvss 7.2 · epss 0.02

    Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an…

  • CVE-2017-5712 · High · Nov 21, 2017
    risk 0.47 · cvss 7.2 · epss 0.04

    Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.

  • CVE-2025-11901 · High · Dec 17, 2025
    risk 0.46 · cvss · epss 0.00

    An uncontrolled resource consumption vulnerability affects certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 series chipsets. Exploitation requires physical access to internal expansion slots to install a…

  • CVE-2025-4570 · Medium · Jul 21, 2025
    risk 0.45 · cvss · epss 0.00

    An insecure sensitive key storage issue was found in MyASUS, potentially allowing an unauthorized actor to obtain a token that could be used to communicate with certain services. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more…

  • CVE-2026-3508 · Medium · May 8, 2026
    risk 0.44 · cvss · epss 0.00

    An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause a system crash (BSOD) via a read size that exceeds the buffer size. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more…

  • CVE-2025-14304 · Medium · Dec 17, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd., have a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write…

  • CVE-2025-9337 · Medium · Oct 13, 2025
    risk 0.44 · cvss · epss 0.00

    A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more…

  • CVE-2025-9336 · Medium · Oct 13, 2025
    risk 0.44 · cvss · epss 0.00

    A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, which may lead to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the…

  • CVE-2025-6398 · Medium · Aug 1, 2025
    risk 0.44 · cvss · epss 0.00

    A null pointer dereference vulnerability exists in the IOMap64.sys driver of ASUS AI Suite 3. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for AI Suite 3' section on the ASUS…

  • CVE-2023-33548 · Medium · May 6, 2024
    risk 0.44 · cvss 6.8 · epss 0.01

    Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmware versions up to and including 3.0.0.4.380.8591 allows attackers to run arbitrary code via the WPA Pre-Shared Key field.

  • CVE-2024-28326 · Medium · Apr 26, 2024
    risk 0.44 · cvss 6.8 · epss 0.00

    Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the UART interface.

  • CVE-2017-6547 · Medium · Mar 9, 2017
    risk 0.43 · cvss 6.1 · epss 0.02

    Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750…

  • CVE-2017-14699 · Medium · Jan 29, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow…

  • CVE-2017-8878 · Medium · May 10, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml.

  • CVE-2017-8877 · Medium · May 10, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID.

  • CVE-2017-5632 · Medium · Jan 30, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the device's WAN connection, causing disconnection from the Internet, a Denial of…

  • CVE-2024-28325 · Medium · Apr 26, 2024
    risk 0.40 · cvss 6.1 · epss 0.00

    Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.

  • CVE-2018-17021 · Medium · Sep 13, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter.

  • CVE-2018-0583 · Medium · May 14, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2018-0582 · Medium · May 14, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2018-0581 · Medium · May 14, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2017-12590 · Medium · Mar 16, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter.

  • CVE-2015-7790 · Medium · Dec 30, 2015
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2025-59368 · Medium · Nov 25, 2025
    risk 0.39 · cvss · epss 0.00

    An integer underflow vulnerability has been identified in AiCloud. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the 'Security Update for ASUS Router Firmware' section on…

  • CVE-2025-2027 · Medium · Mar 28, 2025
    risk 0.38 · cvss · epss 0.00

    A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the…

  • CVE-2023-31889 · Medium · Apr 29, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    An issue discovered in httpd in ASUS RT-AC51U with firmware version up to and including 3.0.0.4.380.8591 allows local attackers to cause a denial of service via crafted GET request.

  • CVE-2026-1880 · Medium · Apr 16, 2026
    risk 0.35 · cvss · epss 0.00

    An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged…

  • CVE-2024-28328 · Medium · Apr 26, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format.

  • CVE-2017-12591 · Medium · Aug 18, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter.

  • CVE-2024-55408 · Medium · Jan 6, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    An improper access control vulnerability in the AsusSAIO.sys driver may lead to the misuse of software functionality utilizing the driver when crafted IOCTL requests are supplied.

  • CVE-2025-11775 · Medium · Dec 17, 2025
    risk 0.31 · cvss · epss 0.00

    An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to a service crash or partial loss of functionality. This vulnerability only affects ASUS motherboard series…

  • CVE-2025-1354 · Medium · Feb 16, 2025
    risk 0.31 · cvss · epss 0.00

    A cross-site scripting (XSS) vulnerability exists in the RT-N10E/RT-N12E 2.0.0.x firmware. This vulnerability is caused by improper input validation and can be triggered via the manipulation of the SSID argument in the sysinfo.asp file, leading to disclosure of sensitive information.…

  • CVE-2015-7789 · Medium · Dec 30, 2015
    risk 0.28 · cvss 4.3 · epss 0.01

    ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2015-7787 · Medium · Dec 30, 2015
    risk 0.28 · cvss 4.3 · epss 0.01

    ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors.

  • CVE-2021-32030 · KEV · May 6, 2021
    risk 0.20 · cvss · epss 0.99

    The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This…

  • CVE-2023-39780 · KEV · Sep 11, 2023
    risk 0.16 · cvss · epss 0.32

    On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see…

  • CVE-2025-59374 · KEV · Dec 17, 2025
    risk 0.14 · cvss · epss 0.01

    "UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended…

  • CVE-2026-6737 · Low · May 8, 2026
    risk 0.13 · cvss · epss 0.00

    An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests. Refer to the 'Security Update for…

  • CVE-2023-26602 · Feb 26, 2023
    risk 0.09 · cvss · epss 0.17

    ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.
