Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Asus Subscribe
Total 231 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-0656 1 Asus 1 Smartlogon 2017-08-16 6.9 MEDIUM N/A
Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypass "security functions" by presenting an image with a modified viewpoint that matches the posture of a stored image of the authorized notebook user.
CVE-2017-6548 1 Asus 2 Rt-ac53, Rt-ac53 Firmware 2017-08-15 10.0 HIGH 9.8 CRITICAL
Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages.
CVE-2017-6547 1 Asus 2 Rt-ac53, Rt-ac53 Firmware 2017-08-15 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488 allows remote attackers to inject arbitrary JavaScript by requesting filenames longer than 50 characters.
CVE-2017-8878 1 Asus 2 Rt-ac1750, Rt-ac1750 Firmware 2017-05-16 4.0 MEDIUM 6.5 MEDIUM
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml.
CVE-2017-8877 1 Asus 2 Rt-ac1750, Rt-ac1750 Firmware 2017-05-16 4.0 MEDIUM 6.5 MEDIUM
ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID.
CVE-2017-5891 1 Asus 2 Rt-ac1750, Rt-ac1750 Firmware 2017-05-16 6.8 MEDIUM 8.8 HIGH
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF.
CVE-2017-5892 1 Asus 2 Rt-ac1750, Rt-ac1750 Firmware 2017-05-15 5.0 MEDIUM 7.5 HIGH
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map.
CVE-2013-4659 2 Asus, Trendnet 4 Rt-ac66u, Rt-ac66u Firmware, Tew-812dru and 1 more 2017-03-15 10.0 HIGH 9.8 CRITICAL
Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU.
CVE-2017-5632 1 Asus 2 Rt-n56u, Rt-n56u Firmware 2017-03-09 3.3 LOW 6.5 MEDIUM
An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the device's WAN connection, causing disconnection from the Internet, a Denial of Service (DoS). The attack is only possible from within the local area network.
CVE-2013-7293 1 Asus 1 Wl-330nul 2016-12-30 5.0 MEDIUM N/A
The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname.
CVE-2013-6343 1 Asus 6 Rt-ac66u, Rt-ac66u Firmware, Rt-n56u and 3 more 2016-12-30 10.0 HIGH N/A
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
CVE-2015-6949 1 Asus 1 Tm-1900 2016-12-21 9.3 HIGH N/A
Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values.
CVE-2015-2676 1 Asus 2 Rt-g32, Rt-g32 Firmware 2016-12-02 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.
CVE-2015-2681 1 Asus 2 Rt-g32, Rt-g32 Firmware 2016-12-02 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm.
CVE-2005-3490 1 Asus 1 Video Security Online 2016-10-17 5.0 MEDIUM N/A
Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL.
CVE-2005-3489 1 Asus 1 Video Security Online 2016-10-17 7.5 HIGH N/A
Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using authorization, allows remote attackers to execute arbitrary code via a long username/password string.
CVE-2014-2925 2 Asus, T-mobile 3 Rt-ac68u, Rt-ac68u Firmware, Tm-ac1900 2016-06-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.
CVE-2014-2719 2 Asus, T-mobile 10 Rt-ac66u Firmware, Rt-ac68u, Rt-ac68u Firmware and 7 more 2016-06-30 6.3 MEDIUM N/A
Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.
CVE-2013-5948 2 Asus, T-mobile 3 Rt-ac68u, Rt-ac68u Firmware, Tm-ac1900 2016-06-30 8.5 HIGH N/A
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
CVE-2015-7788 1 Asus 2 Wl-330nul, Wl-330nul Firmware 2015-12-30 5.8 MEDIUM 7.3 HIGH
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors.