Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asus vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-44898
The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing malicious users to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted...
Asus Aura Sync
NA
CVE-2022-4221
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated malicious user to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: up to and includin...
Asus Nas-m25 Firmware
NA
CVE-2020-23648
Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication.
Asus Rt-n12e Firmware 2.0.0.39
NA
CVE-2022-36438
AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 prior to 3.1.5.0, and AsusSwitch.exe p...
Asus Asusswitch
Asus System Control Interface
NA
CVE-2022-36439
AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 prior to 3.1.5.0,...
Asus System Control Interface
Asus Asusliveupdate
Asus Asussoftwaremanger
NA
CVE-2021-40556
A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vuln...
Asus Rt-ax56u Firmware 3.0.0.4.386.44266
NA
CVE-2022-38699
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging fu...
Asus Armoury Crate Service
NA
CVE-2021-41437
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an malicious user to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.
Asus Rt-ax88u Firmware
NA
CVE-2022-26376
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt before 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen before 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulner...
Asus Asuswrt
Asuswrt-merlin New Gen
Asus Xt8 Firmware
Asus Tuf-ax3000 V2 Firmware
Asus Xd4 Firmware
Asus Et12 Firmware
Asus Gt-ax6000 Firmware
Asus Xt12 Firmware
Asus Rt-ax58u Firmware
Asus Xt9 Firmware
Asus Xd6 Firmware
Asus Gt-ax11000 Pro Firmware
Asus Gt-axe16000 Firmware
Asus Rt-ax86u Firmware
Asus Rt-ax68u Firmware
Asus Rt-ax82u Firmware
Asus Rt-ax56u Firmware
Asus Rt-ax55 Firmware
Asus Gt-ax11000 Firmware
NA
CVE-2022-35899
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.
Asus Aura Ready Game Software Development Kit 1.0.0.4
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »