Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asus asuswrt vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-8878
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware prior to 3.0.0.4.382.50470 for devices allows remote malicious users to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id...
Asuswrt-merlin Asuswrt-merlin
Asus Asus Firmware
5
CVSSv2
CVE-2018-8877
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware prior to 3.0.0.4.382.50470 for devices allows remote malicious users to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_...
Asus Asus Firmware
Asuswrt-merlin Asuswrt-merlin
6.5
CVSSv2
CVE-2017-15653
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.
Asus Asuswrt
1 Github repository
7.6
CVSSv2
CVE-2017-15654
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
Asus Asuswrt
4
CVSSv2
CVE-2017-15656
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
Asus Asuswrt
10
CVSSv2
CVE-2018-5999
An issue exists in AsusWRT prior to 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
Asus Asuswrt
2 EDB exploits
9.3
CVSSv2
CVE-2017-15655
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vu...
Asus Asuswrt
10
CVSSv2
CVE-2018-6000
An issue exists in AsusWRT prior to 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows malicious users to set the admin password and launch an SSH daemon (or enable i...
Asus Asuswrt
2 EDB exploits
5
CVSSv2
CVE-2018-20333
An issue exists in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
Asus Asuswrt 3.0.0.4.384.20308
10
CVSSv2
CVE-2018-20334
An issue exists in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
Asus Asuswrt 3.0.0.4.384.20308
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »