Filtered by vendor Asus
Subscribe
Total
231 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-28685 | 1 Asus | 1 Gputweak Ii | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl. | |||||
CVE-2021-3254 | 1 Asus | 2 Dsl-n14u-b1, Dsl-n14u-b1 Firmware | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap. | |||||
CVE-2022-31874 | 1 Asus | 2 Rt-n53, Rt-n53 Firmware | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface. | |||||
CVE-2022-26668 | 1 Asus | 1 Control Center | 2022-06-27 | 6.4 MEDIUM | 6.5 MEDIUM |
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service. | |||||
CVE-2022-26669 | 1 Asus | 1 Control Center | 2022-06-27 | 4.0 MEDIUM | 6.5 MEDIUM |
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data. | |||||
CVE-2022-26673 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2022-05-04 | 3.5 LOW | 5.4 MEDIUM |
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks. | |||||
CVE-2022-26674 | 1 Asus | 2 Rt-ax88u, Rt-ax88u Firmware | 2022-05-04 | 7.5 HIGH | 9.8 CRITICAL |
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service. | |||||
CVE-2022-26672 | 1 Asus | 1 Webstorage | 2022-05-04 | 7.5 HIGH | 9.8 CRITICAL |
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information. | |||||
CVE-2022-23971 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2022-04-14 | 4.8 MEDIUM | 8.1 HIGH |
ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption. | |||||
CVE-2022-23970 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2022-04-14 | 4.8 MEDIUM | 8.1 HIGH |
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption. | |||||
CVE-2022-23973 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2022-04-14 | 5.8 MEDIUM | 8.8 HIGH |
ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service. | |||||
CVE-2022-25595 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2022-04-14 | 6.1 MEDIUM | 6.5 MEDIUM |
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt. | |||||
CVE-2022-25596 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2022-04-14 | 5.8 MEDIUM | 8.8 HIGH |
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service. | |||||
CVE-2022-25597 | 1 Asus | 2 Rt-ac86u, Rt-ac86u Firmware | 2022-04-14 | 5.8 MEDIUM | 8.8 HIGH |
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service. | |||||
CVE-2022-23972 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2022-04-14 | 5.8 MEDIUM | 8.8 HIGH |
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database. | |||||
CVE-2021-45757 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2022-03-29 | 7.8 HIGH | 7.5 HIGH |
ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS). | |||||
CVE-2021-45756 | 1 Asus | 4 Rt-ac5300, Rt-ac5300 Firmware, Rt-ac68u and 1 more | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. | |||||
CVE-2022-22814 | 1 Asus | 1 Myasus | 2022-03-15 | 7.5 HIGH | 9.8 CRITICAL |
The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation. | |||||
CVE-2022-22262 | 1 Asus | 1 Rog Live Service | 2022-03-08 | 3.6 LOW | 7.7 HIGH |
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service. | |||||
CVE-2021-46247 | 1 Asus | 2 Cmax6000, Cmax6000 Firmware | 2022-02-25 | 5.0 MEDIUM | 7.5 HIGH |
The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00. |