Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asus vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-22814
The System Diagnosis service of MyASUS prior to 3.1.2.0 allows privilege escalation.
Asus Myasus
8.8
CVSSv3
CVE-2019-11063
A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smart...
Asus Smarthome
1 Github repository
9.8
CVSSv3
CVE-2018-6000
An issue exists in AsusWRT prior to 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows malicious users to set the admin password and launch an SSH daemon (or enable i...
Asus Asuswrt
2 EDB exploits
9.8
CVSSv3
CVE-2018-5999
An issue exists in AsusWRT prior to 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
Asus Asuswrt
2 EDB exploits
8.8
CVSSv3
CVE-2017-15656
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
Asus Asuswrt
9.8
CVSSv3
CVE-2022-26672
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the maliciou...
Asus Webstorage
9.6
CVSSv3
CVE-2017-15655
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vu...
Asus Asuswrt
NA
CVE-2014-9583
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote malicious users to bypass authentication and execute...
T-mobile Tm-ac1900 3.0.0.4.376 3169
Asus Wrt Firmware 3.0.0.4.376.2524-g0012f52
Asus Wrt Firmware 3.0.0.4.376 1071
2 EDB exploits
1 Github repository
7
CVSSv3
CVE-2019-19235
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name.
Asus Atk Package
9.8
CVSSv3
CVE-2023-5716
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote malicious users to access or modify arbitrary files by sending specific HTTP requests without permission.
Asus Armoury Crate
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »