Filtered by vendor Asus
Subscriptions
Total
283 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14712 | 1 Asus | 2 Rt-ac3200, Rt-ac3200 Firmware | 2024-11-21 | N/A |
| Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter. | ||||
| CVE-2018-14711 | 1 Asus | 2 Rt-ac3200, Rt-ac3200 Firmware | 2024-11-21 | N/A |
| Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs. | ||||
| CVE-2018-14710 | 1 Asus | 2 Rt-ac3200, Rt-ac3200 Firmware | 2024-11-21 | N/A |
| Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter. | ||||
| CVE-2018-11492 | 1 Asus | 2 Hg100, Hg100 Firmware | 2024-11-21 | N/A |
| ASUS HG100 devices allow denial of service via an IPv4 packet flood. | ||||
| CVE-2018-11491 | 1 Asus | 2 Hg100, Hg100 Firmware | 2024-11-21 | N/A |
| ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution. | ||||
| CVE-2018-0647 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2018-0583 | 1 Asus | 2 Rt-ac1200hp, Rt-ac1200hp Firmware | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-0582 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-0581 | 1 Asus | 2 Rt-ac87u, Rt-ac87u Firmware | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-17945 | 1 Asus | 2 Hivivo, Vivobaby | 2024-11-21 | N/A |
| The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation. | ||||
| CVE-2017-17944 | 1 Asus | 2 Hivivo, Vivobaby | 2024-11-21 | N/A |
| The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. | ||||
| CVE-2017-15656 | 1 Asus | 1 Asuswrt | 2024-11-21 | N/A |
| Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. | ||||
| CVE-2017-15655 | 1 Asus | 1 Asuswrt | 2024-11-21 | N/A |
| Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages. | ||||
| CVE-2017-15654 | 1 Asus | 1 Asuswrt | 2024-11-21 | N/A |
| Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. | ||||
| CVE-2017-15653 | 1 Asus | 1 Asuswrt | 2024-11-21 | N/A |
| Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. | ||||
| CVE-2017-14699 | 1 Asus | 32 Dsl-ac51, Dsl-ac51 Firmware, Dsl-ac52u and 29 more | 2024-11-21 | N/A |
| Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request. | ||||
| CVE-2017-14698 | 1 Asus | 32 Dsl-ac51, Dsl-ac51 Firmware, Dsl-ac52u and 29 more | 2024-11-21 | N/A |
| ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp. | ||||
| CVE-2017-12590 | 1 Asus | 2 Rt-n14uhp, Rt-n14uhp Firmware | 2024-11-21 | N/A |
| ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter. | ||||
| CVE-2016-6558 | 1 Asus | 14 Ea-n66, Ea-n66 Firmware, Rp-ac52 and 11 more | 2024-11-21 | N/A |
| A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed. | ||||
| CVE-2016-6557 | 1 Asus | 14 Ea-n66, Ea-n66 Firmware, Rp-ac52 and 11 more | 2024-11-21 | N/A |
| In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. | ||||