Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asuswrt vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-6000
An issue exists in AsusWRT prior to 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows malicious users to set the admin password and launch an SSH daemon (or enable i...
Asus Asuswrt
2 EDB exploits
8.8
CVSSv3
CVE-2017-15653
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.
Asus Asuswrt
1 Github repository
8.3
CVSSv3
CVE-2017-15654
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
Asus Asuswrt
9.6
CVSSv3
CVE-2017-15655
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vu...
Asus Asuswrt
8.8
CVSSv3
CVE-2017-15656
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
Asus Asuswrt
9.8
CVSSv3
CVE-2018-20334
An issue exists in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
Asus Asuswrt 3.0.0.4.384.20308
7.5
CVSSv3
CVE-2018-20333
An issue exists in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
Asus Asuswrt 3.0.0.4.384.20308
7.5
CVSSv3
CVE-2018-20335
An issue exists in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.
Asus Asuswrt 3.0.0.4.384.20308
7.5
CVSSv3
CVE-2018-20336
An issue exists in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak.
Asus Asuswrt-merlin 3.0.0.4.384.20308
9.8
CVSSv3
CVE-2022-26376
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt before 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen before 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulner...
Asus Asuswrt
Asuswrt-merlin New Gen
Asus Xt8 Firmware
Asus Tuf-ax3000 V2 Firmware
Asus Xd4 Firmware
Asus Et12 Firmware
Asus Gt-ax6000 Firmware
Asus Xt12 Firmware
Asus Rt-ax58u Firmware
Asus Xt9 Firmware
Asus Xd6 Firmware
Asus Gt-ax11000 Pro Firmware
Asus Gt-axe16000 Firmware
Asus Rt-ax86u Firmware
Asus Rt-ax68u Firmware
Asus Rt-ax82u Firmware
Asus Rt-ax56u Firmware
Asus Rt-ax55 Firmware
Asus Gt-ax11000 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »