Filtered by vendor Asus Subscriptions
Total 281 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-28207 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-09-16 4.9 Medium
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVE-2022-25597 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-09-16 8.8 High
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.
CVE-2009-3091 1 Asus 1 Asus Wl-330ge 2024-09-16 N/A
Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2018-17021 1 Asus 2 Gt-ac5300, Gt-ac5300 Firmware 2024-09-16 N/A
Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter.
CVE-2021-28184 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2024-09-16 4.9 Medium
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28206 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-09-16 4.9 Medium
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVE-2019-11061 1 Asus 2 Hg100, Hg100 Firmware 2024-09-16 N/A
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVE-2021-28195 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-09-16 4.9 Medium
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2022-21933 1 Asus 26 Pa90, Pa90 Firmware, Pb50 and 23 more 2024-09-16 6.7 Medium
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
CVE-2009-3092 1 Asus 1 Asus Wl-500w 2024-09-16 N/A
Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2021-28198 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-09-16 4.9 Medium
The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2022-23972 1 Asus 2 Rt-ax56u, Rt-ax56u Firmware 2024-09-16 8.8 High
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.
CVE-2022-26672 1 Asus 1 Webstorage 2024-09-16 7.3 High
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.
CVE-2017-5711 3 Asus, Intel, Siemens 394 B150-a, B150-a Firmware, B150-plus and 391 more 2024-09-16 7.8 High
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
CVE-2021-28177 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2024-09-16 4.9 Medium
The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28191 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-09-16 4.9 Medium
The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28197 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-09-16 4.9 Medium
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-37910 1 Asus 10 Gt-axe11000, Gt-axe11000 Firmware, Rt-ax3000 and 7 more 2024-09-16 3.7 Low
ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.
CVE-2021-28196 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-09-16 4.9 Medium
The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2018-18291 1 Asus 2 Rt-ac58u, Rt-ac58u Firmware 2024-09-16 N/A
A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp.