Filtered by vendor Asus Subscriptions
Total 281 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-15361 35 Acer, Aopen, Asi and 32 more 126 C720 Chromebook, Chromebase, Chromebase 24 and 123 more 2024-11-21 N/A
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
CVE-2017-14699 1 Asus 32 Dsl-ac51, Dsl-ac51 Firmware, Dsl-ac52u and 29 more 2024-11-21 N/A
Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.
CVE-2017-14698 1 Asus 32 Dsl-ac51, Dsl-ac51 Firmware, Dsl-ac52u and 29 more 2024-11-21 N/A
ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.
CVE-2017-12593 1 Asus 2 Dsl-n10s Firmware, Dsl-n10s Router 2024-11-21 N/A
ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.
CVE-2017-12592 1 Asus 2 Dsl-n10s, Dsl-n10s Firmware 2024-11-21 N/A
ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges.
CVE-2017-12591 1 Asus 2 Dsl-n10s, Dsl-n10s Firmware 2024-11-21 N/A
ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter.
CVE-2017-12590 1 Asus 2 Rt-n14uhp, Rt-n14uhp Firmware 2024-11-21 N/A
ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter.
CVE-2016-6558 1 Asus 14 Ea-n66, Ea-n66 Firmware, Rp-ac52 and 11 more 2024-11-21 N/A
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed.
CVE-2016-6557 1 Asus 14 Ea-n66, Ea-n66 Firmware, Rp-ac52 and 11 more 2024-11-21 N/A
In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
CVE-2015-7790 1 Asus 2 Wl-330nul, Wl-330nul Firmware 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-7789 1 Asus 2 Wl-330nul, Wl-33nul Firmware 2024-11-21 N/A
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors.
CVE-2015-7788 1 Asus 2 Wl-330nul, Wl-330nul Firmware 2024-11-21 N/A
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2015-7787 1 Asus 2 Wl-330nul, Wl-330nul Firmware 2024-11-21 N/A
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors.
CVE-2015-6949 1 Asus 1 Tm-1900 2024-11-21 N/A
Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values.
CVE-2015-2681 1 Asus 2 Rt-g32, Rt-g32 Firmware 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm.
CVE-2015-2676 1 Asus 2 Rt-g32, Rt-g32 Firmware 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.
CVE-2015-1437 1 Asus 2 Rt-n10\+d1, Rt-n10\+d1 Firmware 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.
CVE-2014-9583 2 Asus, T-mobile 4 Rt-ac66u, Rt-n66u, Wrt Firmware and 1 more 2024-11-21 N/A
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.
CVE-2014-7270 1 Asus 10 Rt-ac56s, Rt-ac56s Firmware, Rt-ac68u and 7 more 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-7269 1 Asus 10 Rt-ac56s, Rt-ac56s Firmware, Rt-ac68u and 7 more 2024-11-21 N/A
ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.