Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asus vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-41437
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an malicious user to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.
Asus Rt-ax88u Firmware
NA
CVE-2022-26376
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt before 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen before 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulner...
Asus Asuswrt
Asuswrt-merlin New Gen
Asus Xt8 Firmware
Asus Tuf-ax3000 V2 Firmware
Asus Xd4 Firmware
Asus Et12 Firmware
Asus Gt-ax6000 Firmware
Asus Xt12 Firmware
Asus Rt-ax58u Firmware
Asus Xt9 Firmware
Asus Xd6 Firmware
Asus Gt-ax11000 Pro Firmware
Asus Gt-axe16000 Firmware
Asus Rt-ax86u Firmware
Asus Rt-ax68u Firmware
Asus Rt-ax82u Firmware
Asus Rt-ax56u Firmware
Asus Rt-ax55 Firmware
Asus Gt-ax11000 Firmware
NA
CVE-2022-35899
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.
Asus Aura Ready Game Software Development Kit 1.0.0.4
1 Github repository
312
VMScore
CVE-2021-43702
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
Asus Zenwifi Xd4s Firmware 3.0.0.4.386.46061
Asus Zenwifi Xt9 Firmware 3.0.0.4.386.46061
Asus Zenwifi Xd5 Firmware 3.0.0.4.386.46061
Asus Zenwifi Pro Et12 Firmware 3.0.0.4.386.46061
Asus Zenwifi Pro Xt12 Firmware 3.0.0.4.386.46061
Asus Zenwifi Ax Hybrid Firmware 3.0.0.4.386.46061
Asus Zenwifi Et8 Firmware 3.0.0.4.386.46061
Asus Zenwifi Xd6 Firmware 3.0.0.4.386.46061
Asus Zenwifi Ac Mini Firmware 3.0.0.4.386.46061
Asus Zenwifi Ax Mini Firmware 3.0.0.4.386.46061
Asus Zenwifi Ax Firmware 3.0.0.4.386.46061
Asus Zenwifi Ac Firmware 3.0.0.4.386.46061
Asus Rt-ac66u B1 Firmware 3.0.0.4.386.46061
Asus Rt-ax88u Firmware 3.0.0.4.386.46061
Asus Rt-ax82u Firmware 3.0.0.4.386.46061
Asus Rt-ax89x Firmware 3.0.0.4.386.46061
Asus Rt-ax92u Firmware 3.0.0.4.386.46061
Asus Rt-ax86u Firmware 3.0.0.4.386.46061
Asus Rt-ax68u Firmware 3.0.0.4.386.46061
Asus Rt-ax3000 Firmware 3.0.0.4.386.46061
Asus Rt-ax58u Firmware 3.0.0.4.386.46061
Asus Rt-ax55 Firmware 3.0.0.4.386.46061
312
VMScore
CVE-2022-32988
Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/A...
Asus Dsl-n14u-b1 Firmware 1.1.2.3 805
2 Github repositories
570
VMScore
CVE-2022-26668
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.
Asus Control Center 1.4.2.5
356
VMScore
CVE-2022-26669
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.
Asus Control Center 1.4.2.5
668
VMScore
CVE-2022-31874
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.
Asus Rt-n53 Firmware 3.0.0.4.376.3754
694
VMScore
CVE-2021-3254
Asus DSL-N14U-B1 1.1.2.3_805 allows remote malicious users to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.
Asus Dsl-n14u-b1 Firmware 1.1.2.3 805
668
VMScore
CVE-2022-26672
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the maliciou...
Asus Webstorage
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »