Filtered by vendor Asus
Subscribe
Total
269 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4937 | 1 Asus | 14 Dsl-n55u, Dsl-n56u Firmware, Rt-ac66u and 11 more | 2025-04-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors. | |||||
| CVE-2013-6343 | 1 Asus | 6 Rt-ac66u, Rt-ac66u Firmware, Rt-n56u and 3 more | 2025-04-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp. | |||||
| CVE-2012-4924 | 1 Asus | 2 Ipswcom Activex Component, Net4switch | 2025-04-11 | 9.3 HIGH | N/A |
| Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method. | |||||
| CVE-2013-7293 | 1 Asus | 1 Wl-330nul | 2025-04-11 | 5.0 MEDIUM | N/A |
| The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. | |||||
| CVE-2011-4497 | 1 Asus | 2 Rt-n56u, Rt-n56u Firmware | 2025-04-11 | 3.3 LOW | N/A |
| QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request. | |||||
| CVE-2009-3093 | 1 Asus | 1 Asus Wl-500w | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-3092 | 1 Asus | 1 Asus Wl-500w | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-1491 | 1 Asus | 1 Remote Console | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623. | |||||
| CVE-2009-0656 | 1 Asus | 1 Smartlogon | 2025-04-09 | 6.9 MEDIUM | N/A |
| Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypass "security functions" by presenting an image with a modified viewpoint that matches the posture of a stored image of the authorized notebook user. | |||||
| CVE-2009-3091 | 1 Asus | 1 Asus Wl-330ge | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2005-3490 | 1 Asus | 1 Video Security Online | 2025-04-03 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL. | |||||
| CVE-2005-3489 | 1 Asus | 1 Video Security Online | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using authorization, allows remote attackers to execute arbitrary code via a long username/password string. | |||||
| CVE-2021-37315 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2025-03-26 | N/A | 9.1 CRITICAL |
| Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations. | |||||
| CVE-2021-37317 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2025-03-26 | N/A | 9.1 CRITICAL |
| Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. | |||||
| CVE-2021-37316 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2025-03-26 | N/A | 7.5 HIGH |
| SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | |||||
| CVE-2022-42455 | 1 Asus | 1 Armoury Crate | 2025-03-19 | N/A | 7.8 HIGH |
| ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges. | |||||
| CVE-2021-32030 | 1 Asus | 2 Gt-ac2900, Gt-ac2900 Firmware | 2025-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations. Note: All versions of Lyra Mini and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability, Consumers can mitigate this vulnerability by disabling the remote access features from WAN. | |||||
| CVE-2023-29772 | 1 Asus | 2 Rt-ac51u, Rt-ac51u Firmware | 2025-01-30 | N/A | 5.2 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. | |||||
| CVE-2023-34940 | 1 Asus | 2 Rt-n10lx, Rt-n10lx Firmware | 2025-01-06 | N/A | 7.5 HIGH |
| Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2023-31195 | 1 Asus | 2 Rt-ax3000, Rt-ax3000 Firmware | 2025-01-03 | N/A | 5.3 MEDIUM |
| ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked. | |||||