Filtered by vendor Asus
Subscriptions
Total
278 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28194 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2024-09-17 | 4.9 Medium |
| The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | ||||
| CVE-2022-23971 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-09-17 | 8.1 High |
| ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption. | ||||
| CVE-2018-17022 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2024-09-17 | N/A |
| Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list("Storage_x_SharedPath") request, because ej_select_list in router/httpd/web.c uses strcpy. | ||||
| CVE-2021-28193 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2024-09-17 | 4.9 Medium |
| The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | ||||
| CVE-2021-28183 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2024-09-17 | 4.9 Medium |
| The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | ||||
| CVE-2021-28204 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2024-09-17 | 7.2 High |
| The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary. | ||||
| CVE-2021-28192 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2024-09-17 | 4.9 Medium |
| The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | ||||
| CVE-2013-4937 | 1 Asus | 14 Dsl-n55u, Dsl-n56u Firmware, Rt-ac66u and 11 more | 2024-09-17 | N/A |
| Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors. | ||||
| CVE-2022-26668 | 1 Asus | 1 Control Center | 2024-09-17 | 7.3 High |
| ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service. | ||||
| CVE-2022-26669 | 1 Asus | 1 Control Center | 2024-09-17 | 8.8 High |
| ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data. | ||||
| CVE-2021-28189 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2024-09-17 | 4.9 Medium |
| The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | ||||
| CVE-2021-28205 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2024-09-17 | 4.9 Medium |
| The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. | ||||
| CVE-2021-28202 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2024-09-17 | 4.9 Medium |
| The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | ||||
| CVE-2022-23970 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-09-17 | 8.1 High |
| ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption. | ||||
| CVE-2022-22262 | 1 Asus | 1 Rog Live Service | 2024-09-17 | 7.7 High |
| ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service. | ||||
| CVE-2022-26673 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2024-09-17 | 5.4 Medium |
| ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks. | ||||
| CVE-2021-28176 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2024-09-17 | 4.9 Medium |
| The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | ||||
| CVE-2022-23973 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-09-17 | 8.8 High |
| ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service. | ||||
| CVE-2021-28201 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2024-09-17 | 4.9 Medium |
| The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | ||||
| CVE-2021-28179 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2024-09-17 | 4.9 Medium |
| The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. | ||||