Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asus vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-36439
AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 prior to 3.1.5.0,...
Asus System Control Interface
Asus Asusliveupdate
Asus Asussoftwaremanger
NA
CVE-2021-40556
A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vuln...
Asus Rt-ax56u Firmware 3.0.0.4.386.44266
NA
CVE-2022-38699
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging fu...
Asus Armoury Crate Service
NA
CVE-2021-41437
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an malicious user to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.
Asus Rt-ax88u Firmware
NA
CVE-2022-26376
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt before 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen before 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulner...
Asus Asuswrt
Asuswrt-merlin New Gen
Asus Xt8 Firmware
Asus Tuf-ax3000 V2 Firmware
Asus Xd4 Firmware
Asus Et12 Firmware
Asus Gt-ax6000 Firmware
Asus Xt12 Firmware
Asus Rt-ax58u Firmware
Asus Xt9 Firmware
Asus Xd6 Firmware
Asus Gt-ax11000 Pro Firmware
Asus Gt-axe16000 Firmware
Asus Rt-ax86u Firmware
Asus Rt-ax68u Firmware
Asus Rt-ax82u Firmware
Asus Rt-ax56u Firmware
Asus Rt-ax55 Firmware
Asus Gt-ax11000 Firmware
NA
CVE-2022-35899
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.
Asus Aura Ready Game Software Development Kit 1.0.0.4
1 Github repository
3.5
CVSSv2
CVE-2021-43702
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
Asus Zenwifi Xd4s Firmware 3.0.0.4.386.46061
Asus Zenwifi Xt9 Firmware 3.0.0.4.386.46061
Asus Zenwifi Xd5 Firmware 3.0.0.4.386.46061
Asus Zenwifi Pro Et12 Firmware 3.0.0.4.386.46061
Asus Zenwifi Pro Xt12 Firmware 3.0.0.4.386.46061
Asus Zenwifi Ax Hybrid Firmware 3.0.0.4.386.46061
Asus Zenwifi Et8 Firmware 3.0.0.4.386.46061
Asus Zenwifi Xd6 Firmware 3.0.0.4.386.46061
Asus Zenwifi Ac Mini Firmware 3.0.0.4.386.46061
Asus Zenwifi Ax Mini Firmware 3.0.0.4.386.46061
Asus Zenwifi Ax Firmware 3.0.0.4.386.46061
Asus Zenwifi Ac Firmware 3.0.0.4.386.46061
Asus Rt-ac66u B1 Firmware 3.0.0.4.386.46061
Asus Rt-ax88u Firmware 3.0.0.4.386.46061
Asus Rt-ax82u Firmware 3.0.0.4.386.46061
Asus Rt-ax89x Firmware 3.0.0.4.386.46061
Asus Rt-ax92u Firmware 3.0.0.4.386.46061
Asus Rt-ax86u Firmware 3.0.0.4.386.46061
Asus Rt-ax68u Firmware 3.0.0.4.386.46061
Asus Rt-ax3000 Firmware 3.0.0.4.386.46061
Asus Rt-ax58u Firmware 3.0.0.4.386.46061
Asus Rt-ax55 Firmware 3.0.0.4.386.46061
3.5
CVSSv2
CVE-2022-32988
Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/A...
Asus Dsl-n14u-b1 Firmware 1.1.2.3 805
2 Github repositories
6.4
CVSSv2
CVE-2022-26668
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.
Asus Control Center 1.4.2.5
4
CVSSv2
CVE-2022-26669
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.
Asus Control Center 1.4.2.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987
buffer overflow
CVE-2024-28890
CVE-2024-27574
CVE-2024-27347
CVE-2024-31450
privilege
SSTI
CVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »