Filtered by vendor Asus Subscriptions
Filtered by product Gt-ac2900 Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-20333 1 Asus 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more 2024-08-05 7.5 High
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
CVE-2018-20335 1 Asus 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more 2024-08-05 7.5 High
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.
CVE-2018-20334 1 Asus 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more 2024-08-05 9.8 Critical
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
CVE-2021-32030 1 Asus 2 Gt-ac2900, Gt-ac2900 Firmware 2024-08-03 9.8 Critical
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations.