Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asuswrt vulnerabilities and exploits
(subscribe to this query)
676
VMScore
CVE-2017-15654
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
Asus Asuswrt
828
VMScore
CVE-2017-15655
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vu...
Asus Asuswrt
1000
VMScore
CVE-2018-6000
An issue exists in AsusWRT prior to 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows malicious users to set the admin password and launch an SSH daemon (or enable i...
Asus Asuswrt
2 EDB exploits
1000
VMScore
CVE-2018-5999
An issue exists in AsusWRT prior to 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
Asus Asuswrt
2 EDB exploits
356
VMScore
CVE-2017-15656
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
Asus Asuswrt
445
VMScore
CVE-2018-20333
An issue exists in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
Asus Asuswrt 3.0.0.4.384.20308
694
VMScore
CVE-2018-20335
An issue exists in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.
Asus Asuswrt 3.0.0.4.384.20308
890
VMScore
CVE-2018-20334
An issue exists in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
Asus Asuswrt 3.0.0.4.384.20308
445
VMScore
CVE-2018-20336
An issue exists in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak.
Asus Asuswrt-merlin 3.0.0.4.384.20308
NA
CVE-2022-26376
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt before 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen before 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulner...
Asus Asuswrt
Asuswrt-merlin New Gen
Asus Xt8 Firmware
Asus Tuf-ax3000 V2 Firmware
Asus Xd4 Firmware
Asus Et12 Firmware
Asus Gt-ax6000 Firmware
Asus Xt12 Firmware
Asus Rt-ax58u Firmware
Asus Xt9 Firmware
Asus Xd6 Firmware
Asus Gt-ax11000 Pro Firmware
Asus Gt-axe16000 Firmware
Asus Rt-ax86u Firmware
Asus Rt-ax68u Firmware
Asus Rt-ax82u Firmware
Asus Rt-ax56u Firmware
Asus Rt-ax55 Firmware
Asus Gt-ax11000 Firmware
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »