Vulmon
asus vulnerabilities and exploits
6.5
CVSSv3
CVE-2021-41437
An HTTP response splitting attack in the web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows a malicious user to craft a specific URL that, if an authenticated victim visits it, will give access to the cloud storage of the attacker.
Asus Rt-ax88u Firmware
9.8
CVSSv3
CVE-2022-26376
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt before 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen before 386.7. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulner...
Asus Asuswrt
Asuswrt-merlin New Gen
Asus Xt8 Firmware
Asus Tuf-ax3000 V2 Firmware
Asus Xd4 Firmware
Asus Et12 Firmware
Asus Gt-ax6000 Firmware
Asus Xt12 Firmware
Asus Rt-ax58u Firmware
Asus Xt9 Firmware
Asus Xd6 Firmware
Asus Gt-ax11000 Pro Firmware
Asus Gt-axe16000 Firmware
Asus Rt-ax86u Firmware
Asus Rt-ax68u Firmware
Asus Rt-ax82u Firmware
Asus Rt-ax56u Firmware
Asus Rt-ax55 Firmware
Asus Gt-ax11000 Firmware
7.8
CVSSv3
CVE-2022-35899
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.
Asus Aura Ready Game Software Development Kit 1.0.0.4
1 Github repository
9
CVSSv3
CVE-2021-43702
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFi logs correctly; if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
Asus Zenwifi Xd4s Firmware 3.0.0.4.386.46061
Asus Zenwifi Xt9 Firmware 3.0.0.4.386.46061
Asus Zenwifi Xd5 Firmware 3.0.0.4.386.46061
Asus Zenwifi Pro Et12 Firmware 3.0.0.4.386.46061
Asus Zenwifi Pro Xt12 Firmware 3.0.0.4.386.46061
Asus Zenwifi Ax Hybrid Firmware 3.0.0.4.386.46061
Asus Zenwifi Et8 Firmware 3.0.0.4.386.46061
Asus Zenwifi Xd6 Firmware 3.0.0.4.386.46061
Asus Zenwifi Ac Mini Firmware 3.0.0.4.386.46061
Asus Zenwifi Ax Mini Firmware 3.0.0.4.386.46061
Asus Zenwifi Ax Firmware 3.0.0.4.386.46061
Asus Zenwifi Ac Firmware 3.0.0.4.386.46061
Asus Rt-ac66u B1 Firmware 3.0.0.4.386.46061
Asus Rt-ax88u Firmware 3.0.0.4.386.46061
Asus Rt-ax82u Firmware 3.0.0.4.386.46061
Asus Rt-ax89x Firmware 3.0.0.4.386.46061
Asus Rt-ax92u Firmware 3.0.0.4.386.46061
Asus Rt-ax86u Firmware 3.0.0.4.386.46061
Asus Rt-ax68u Firmware 3.0.0.4.386.46061
Asus Rt-ax3000 Firmware 3.0.0.4.386.46061
Asus Rt-ax58u Firmware 3.0.0.4.386.46061
Asus Rt-ax55 Firmware 3.0.0.4.386.46061
5.4
CVSSv3
CVE-2022-32988
Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc.) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/A...
Asus Dsl-n14u-b1 Firmware 1.1.2.3 805
2 Github repositories
6.5
CVSSv3
CVE-2022-26669
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL commands into specific API parameters to acquire database schema or access data.
Asus Control Center 1.4.2.5
6.5
CVSSv3
CVE-2022-26668
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disruption of service.
Asus Control Center 1.4.2.5
9.8
CVSSv3
CVE-2022-31874
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.
Asus Rt-n53 Firmware 3.0.0.4.376.3754
7.5
CVSSv3
CVE-2021-3254
Asus DSL-N14U-B1 1.1.2.3_805 allows remote malicious users to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.
Asus Dsl-n14u-b1 Firmware 1.1.2.3 805
5.4
CVSSv3
CVE-2022-26673
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks.
Asus Rt-ax88u Firmware