Filtered by vendor Asus Subscriptions
Total 278 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-34360 1 Asus 2 Rt-ax88u, Rt-ax88u Firmware 2024-09-27 8.2 High
A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior.  After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.
CVE-2023-38031 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-09-26 8.8 High
ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
CVE-2023-38032 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-09-26 8.8 High
ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
CVE-2023-38033 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-09-26 8.8 High
ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
CVE-2023-39240 1 Asus 6 Rt-ac86u, Rt-ac86u Firmware, Rt-ax55 and 3 more 2024-09-26 7.2 High
It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
CVE-2023-39236 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-09-26 8.8 High
ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
CVE-2023-39237 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-09-26 8.8 High
ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
CVE-2023-39238 1 Asus 6 Rt-ac86u, Rt-ac86u Firmware, Rt-ax55 and 3 more 2024-09-26 7.2 High
It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
CVE-2023-39239 1 Asus 6 Rt-ac86u, Rt-ac86u Firmware, Rt-ax55 and 3 more 2024-09-26 7.2 High
It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
CVE-2023-39780 1 Asus 2 Rt-ax55, Rt-ax55 Firmware 2024-09-26 8.8 High
ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability.
CVE-2023-41349 1 Asus 2 Rt-ax88u, Rt-ax88u Firmware 2024-09-25 8.8 High
ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.
CVE-2021-28194 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-09-17 4.9 Medium
The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2022-23971 1 Asus 2 Rt-ax56u, Rt-ax56u Firmware 2024-09-17 8.1 High
ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption.
CVE-2018-17022 1 Asus 2 Gt-ac5300, Gt-ac5300 Firmware 2024-09-17 N/A
Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list("Storage_x_SharedPath") request, because ej_select_list in router/httpd/web.c uses strcpy.
CVE-2021-28193 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-09-17 4.9 Medium
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28183 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2024-09-17 4.9 Medium
The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28204 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2024-09-17 7.2 High
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
CVE-2021-28192 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-09-17 4.9 Medium
The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2013-4937 1 Asus 14 Dsl-n55u, Dsl-n56u Firmware, Rt-ac66u and 11 more 2024-09-17 N/A
Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.
CVE-2022-26668 1 Asus 1 Control Center 2024-09-17 7.3 High
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.