VYPR

Vendor CVEs

Asus

All CVEs

285 total · sorted by risk
  • CVE-2013-4656Nov 13, 2019
    risk 0.00cvss epss 0.02

    Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service.

  • CVE-2019-18216Oct 20, 2019
    risk 0.00cvss epss 0.00

    The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop…

  • CVE-2018-20336Sep 17, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak.

  • CVE-2017-17945Jun 24, 2019
    risk 0.00cvss epss 0.01

    The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.

  • CVE-2017-17944Jun 20, 2019
    risk 0.00cvss epss 0.01

    The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.

  • CVE-2018-14713May 13, 2019
    risk 0.00cvss epss 0.04

    Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter.

  • CVE-2018-14712May 13, 2019
    risk 0.00cvss epss 0.04

    Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter.

  • CVE-2018-14711May 13, 2019
    risk 0.00cvss epss 0.01

    Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.

  • CVE-2018-14710May 13, 2019
    risk 0.00cvss epss 0.05

    Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter.

  • CVE-2018-14993Apr 25, 2019
    risk 0.00cvss epss 0.00

    The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZW_ASUS_A009/ASUS_A009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.9…

  • CVE-2018-14980Apr 25, 2019
    risk 0.00cvss epss 0.00

    The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has…

  • CVE-2018-14979Dec 28, 2018
    risk 0.00cvss epss 0.00

    The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275,…

  • CVE-2018-14992Dec 28, 2018
    risk 0.00cvss epss 0.00

    The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm (versionCode=1510500200, versionName=1.5.0.40_171122)…

  • CVE-2018-18537Dec 26, 2018
    risk 0.00cvss epss 0.01

    The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address.

  • CVE-2018-18535Dec 26, 2018
    risk 0.00cvss epss 0.01

    The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.

  • CVE-2018-18536Dec 26, 2018
    risk 0.00cvss epss 0.01

    The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

  • CVE-2018-18287Oct 14, 2018
    risk 0.00cvss epss 0.02

    On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page.

  • CVE-2018-18291Oct 14, 2018
    risk 0.00cvss epss 0.01

    A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp,…

  • CVE-2015-2681Mar 23, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm.

  • CVE-2015-2676Mar 23, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.

  • CVE-2015-1437Feb 4, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.

  • CVE-2014-7270Feb 1, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware…

  • CVE-2014-7269Feb 1, 2015
    risk 0.00cvss epss 0.02

    ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with…

  • CVE-2014-2718Nov 4, 2014
    risk 0.00cvss epss 0.01

    ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle…

  • CVE-2014-2925Apr 22, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.

  • CVE-2014-2719Apr 22, 2014
    risk 0.00cvss epss 0.01

    Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.

  • CVE-2013-7293Jan 15, 2014
    risk 0.00cvss epss 0.01

    The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the…

  • CVE-2013-3610Oct 5, 2013
    risk 0.00cvss epss 0.01

    qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request.

  • CVE-2013-4937Jul 26, 2013
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.

  • CVE-2011-4497Nov 21, 2011
    risk 0.00cvss epss 0.01

    QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request.

  • CVE-2009-3093Sep 8, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the…

  • CVE-2009-3092Sep 8, 2009
    risk 0.00cvss epss 0.02

    Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack…

  • CVE-2009-3091Sep 8, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author…

  • CVE-2009-0656Feb 20, 2009
    risk 0.00cvss epss 0.00

    Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypass "security functions" by presenting an image with a modified viewpoint that matches the posture of a stored image of the authorized notebook user.

  • CVE-2005-3490Nov 4, 2005
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL.

Page 6 of 6