Filtered by vendor Asus Subscriptions
Total 281 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-11063 1 Asus 1 Smarthome 2024-09-16 N/A
A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVE-2019-11060 1 Asus 2 Hg100, Hg100 Firmware 2024-09-16 7.5 High
The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. CVSS 3.0 Base score 7.4 (Availability impacts). CVSS vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
CVE-2013-3610 1 Asus 2 Rt-n10e, Rt-n10e Firmware 2024-09-16 N/A
qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request.
CVE-2021-28178 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2024-09-16 4.9 Medium
The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28190 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-09-16 4.9 Medium
The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2022-25595 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-09-16 6.5 Medium
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.
CVE-2022-26674 1 Asus 2 Rt-ax88u, Rt-ax88u Firmware 2024-09-16 9.8 Critical
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.
CVE-2018-17023 1 Asus 2 Gt-ac5300, Gt-ac5300 Firmware 2024-09-16 N/A
Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.
CVE-2021-28187 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2024-09-16 4.9 Medium
The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28209 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-09-16 4.9 Medium
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVE-2021-44158 1 Asus 2 Rt-ax56u, Rt-ax56u Firmware 2024-09-16 8 High
ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service.
CVE-2021-28199 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-09-16 4.9 Medium
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2021-28200 1 Asus 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more 2024-09-16 4.9 Medium
The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2022-38699 1 Asus 1 Armoury Crate Service 2024-09-16 5.9 Medium
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.
CVE-2021-28188 1 Asus 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more 2024-09-16 4.9 Medium
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVE-2023-41345 1 Asus 2 Rt-ax55, Rt-ax55 Firmware 2024-09-06 8.8 High
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services.
CVE-2023-41346 1 Asus 2 Rt-ax55, Rt-ax55 Firmware 2024-09-06 8.8 High
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
CVE-2023-41348 1 Asus 2 Rt-ax55, Rt-ax55 Firmware 2024-09-06 8.8 High
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
CVE-2023-41347 1 Asus 2 Rt-ax55, Rt-ax55 Firmware 2024-09-04 8.8 High
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
CVE-2023-47678 1 Asus 2 Rt-ac87u, Rt-ac87u Firmware 2024-08-27 9.1 Critical
An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp.