Filtered by vendor Asus
Subscriptions
Total
281 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-0647 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2018-0583 | 1 Asus | 2 Rt-ac1200hp, Rt-ac1200hp Firmware | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-0582 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-0581 | 1 Asus | 2 Rt-ac87u, Rt-ac87u Firmware | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-8878 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2024-11-21 | N/A |
| ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. | ||||
| CVE-2017-8877 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2024-11-21 | N/A |
| ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. | ||||
| CVE-2017-6549 | 1 Asus | 2 Rt-ac53, Rt-ac53 Firmware | 2024-11-21 | N/A |
| Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers. | ||||
| CVE-2017-6548 | 1 Asus | 2 Rt-ac53, Rt-ac53 Firmware | 2024-11-21 | N/A |
| Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages. | ||||
| CVE-2017-6547 | 1 Asus | 2 Rt-ac53, Rt-ac53 Firmware | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488 allows remote attackers to inject arbitrary JavaScript by requesting filenames longer than 50 characters. | ||||
| CVE-2017-5892 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2024-11-21 | N/A |
| ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map. | ||||
| CVE-2017-5891 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2024-11-21 | N/A |
| ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF. | ||||
| CVE-2017-5712 | 3 Asus, Intel, Siemens | 394 B150-a, B150-a Firmware, B150-plus and 391 more | 2024-11-21 | 7.2 High |
| Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege. | ||||
| CVE-2017-5711 | 3 Asus, Intel, Siemens | 394 B150-a, B150-a Firmware, B150-plus and 391 more | 2024-11-21 | 7.8 High |
| Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege. | ||||
| CVE-2017-5632 | 1 Asus | 2 Rt-n56u, Rt-n56u Firmware | 2024-11-21 | N/A |
| An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the device's WAN connection, causing disconnection from the Internet, a Denial of Service (DoS). The attack is only possible from within the local area network. | ||||
| CVE-2017-17945 | 1 Asus | 2 Hivivo, Vivobaby | 2024-11-21 | N/A |
| The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation. | ||||
| CVE-2017-17944 | 1 Asus | 2 Hivivo, Vivobaby | 2024-11-21 | N/A |
| The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. | ||||
| CVE-2017-15656 | 1 Asus | 1 Asuswrt | 2024-11-21 | N/A |
| Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. | ||||
| CVE-2017-15655 | 1 Asus | 1 Asuswrt | 2024-11-21 | N/A |
| Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages. | ||||
| CVE-2017-15654 | 1 Asus | 1 Asuswrt | 2024-11-21 | N/A |
| Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. | ||||
| CVE-2017-15653 | 1 Asus | 1 Asuswrt | 2024-11-21 | N/A |
| Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. | ||||