Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using authorization, allows remote attackers to execute arbitrary code via a long username/password string.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | video_security_online | * |
Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | video_security_online | * |
QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n56u_firmware | * |
| asus | rt-n56u_firmware | 1.0.1.3 |
| asus | rt-n56u_firmware | 1.0.1.2 |
| asus | rt-n56u_firmware | 1.0.0.9 |
| asus | rt-n56u | * |
ASUS RT-N56U devices allow CSRF.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n56u_firmware | 3.0.0.4.374_979 |
| asus | dsl-n55u_firmware | 3.0.0.4.374_1397 |
| asus | rt-n16_firmware | 3.0.0.4.374_979 |
| asus | rt-n53_firmware | 3.0.0.4.374_311 |
| asus | rt-n10u_firmware | 3.0.0.4.374_168 |
| asus | rt-n15u_firmware | 3.0.0.4.374_16 |
| asus | rt-ac66u_firmware | 3.0.0.4.374_2050 |
qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n10e_firmware | * |
| asus | rt-n10e_firmware | 2.0.0.7 |
| asus | rt-n10e_firmware | 2.0.0.10 |
| asus | rt-n10e_firmware | 2.0.0.16 |
| asus | rt-n10e_firmware | 2.0.0.20 |
| asus | rt-n10e | - |
| asus | rt-n10e_firmware | 2.0.0.19 |
Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac66u_firmware | - |
| asus | rt-n56u_firmware | - |
Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac66u_firmware | - |
| trendnet | tew-812dru_firmware | - |
Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n66u_firmware | 3.0.0.4.272 |
| asus | rt-n16_firmware | 3.0.0.4.220 |
| asus | rt-n16_firmware | 1.0.2.3 |
| asus | rt-n56u_firmware | 1.0.1.4 |
| asus | rt-n56u_firmware | 1.0.1.4o |
| asus | rt-n56u_firmware | 1.0.1.8n |
| asus | rt-n16_firmware | 3.0.0.4.246 |
| asus | rt-ac66u_firmware | 3.0.0.4.260 |
| asus | rt-n65u_firmware | 3.0.0.4.334 |
| asus | rt-ac66u_firmware | 3.0.0.4.140 |
| asus | rt-n16_firmware | 3.0.0.3.108 |
| asus | rt-n65u | - |
| asus | rt-n14u_firmware | * |
| asus | rt-n14u | - |
| asus | rt-ac66u_firmware | 3.0.0.4.246 |
| asus | rt-n56u_firmware | 3.0.0.4.318 |
| asus | rt-ac66u_firmware | 3.0.0.4.270 |
| asus | rt-n56u_firmware | 1.0.1.7c |
| asus | rt-n16_firmware | * |
| asus | rt-ac66u_firmware | 3.0.0.4.220 |
| asus | rt-ac66u | - |
| asus | rt-n65u_firmware | * |
| asus | rt-n65u_firmware | 3.0.0.3.134 |
| asus | rt-n56u | - |
| asus | dsl-n55u | - |
| asus | dsl-n56u_firmware | * |
| asus | rt-n56u_firmware | * |
| asus | rt-n56u_firmware | 3.0.0.4.334 |
| asus | dsl-n56u_firmware | 3.0.0.4.314 |
| asus | rt-n66u | - |
| asus | rt-n56u_firmware | 1.0.1.8j |
| asus | rt-n16_firmware | 7.0.2.38b |
| asus | rt-n56u_firmware | 7.0.1.21 |
| asus | dsl-n56u_firmware | 3.0.0.4.188 |
| asus | rt-n56u_firmware | 1.0.1.8l |
| asus | dsl-n56u_firmware | 1.0.0.9 |
| asus | rt-n65u_firmware | 3.0.0.4.342 |
| asus | rt-n65u_firmware | 3.0.0.3.176 |
| asus | rt-ac66u_firmware | * |
| asus | rt-n56u_firmware | 3.0.0.4.342 |
| asus | rt-n16_firmware | 3.0.0.3.178 |
| asus | rt-n65u_firmware | 3.0.0.4.260 |
| asus | rt-n56u_firmware | 7.0.1.32 |
| asus | rt-n16_firmware | 1.0.1.9 |
| asus | rt-n14u_firmware | 3.0.0.4.322 |
| asus | rt-n16 | - |
| asus | rt-n66u_firmware | * |
| asus | rt-n56u_firmware | 1.0.1.7f |
| asus | rt-n16_firmware | 3.0.0.4.260 |
| asus | rt-n56u_firmware | 8.1.1.4 |
| asus | rt-n16_firmware | 3.0.0.3.162 |
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| t-mobile | tm-ac1900 | 3.0.0.4.376_3169 |
| asus | rt-ac68u_firmware | 3.0.0.4.374_4561 |
| asus | rt-ac68u_firmware | 3.0.0.4.374_4887 |
| asus | rt-ac68u_firmware | 3.0.0.4.374.4755 |
| asus | rt-ac68u | - |
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n56u_firmware | 3.0.0.4..374_979 |
| asus | tm-ac1900_firmware | 3.0.0.4..374_979 |
| asus | rt-ac66u_firmware | 3.0.0.4..374_979 |
The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-16,CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | wl-330nul | - |
ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-345,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| t-mobile | tm-ac1900 | 3.0.0.4.376_3169 |
| asus | rt_series_firmware | * |
Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n66u_firmware | 3.0.0.4.272 |
| asus | rt-n16_firmware | 3.0.0.4.220 |
| asus | rt-n16_firmware | 1.0.2.3 |
| asus | rt-n56u_firmware | 1.0.1.4 |
| asus | rt-n10e_firmware | 2.0.0.10 |
| asus | rt-n56u_firmware | 1.0.1.4o |
| asus | rt-n56u_firmware | 1.0.1.8n |
| asus | rt-n16_firmware | 3.0.0.4.246 |
| asus | rt-ac66u_firmware | 3.0.0.4.260 |
| asus | rt-n65u_firmware | 3.0.0.4.334 |
| asus | rt-n10e_firmware | 2.0.0.7 |
| asus | rt-ac66u_firmware | 3.0.0.4.354 |
| asus | rt-ac66u_firmware | 3.0.0.4.140 |
| asus | rt-n56u_firmware | 3.0.0.4.360 |
| asus | rt-n16_firmware | 3.0.0.3.108 |
| asus | rt-n10e_firmware | 2.0.0.19 |
| asus | rt-ac66u_firmware | 3.0.0.4.246 |
| asus | rt-n56u_firmware | 3.0.0.4.318 |
| asus | rt-ac66u_firmware | 3.0.0.4.270 |
| asus | rt-ac68u | - |
| asus | rt-n56u_firmware | 1.0.1.7c |
| asus | rt-ac66u_firmware | 3.0.0.4.220 |
| t-mobile | tm-ac1900 | 3.0.0.4.376_3169 |
| asus | rt-ac68u_firmware | 3.0.0.4.374_4887 |
| asus | rt-n14u_firmware | 3.0.0.4.356 |
| asus | rt-n65u_firmware | 3.0.0.3.134 |
| asus | rt-n66u_firmware | 3.0.0.4.370 |
| asus | rt-n56u_firmware | 3.0.0.4.334 |
| asus | rt-n65u_firmware | 3.0.0.4.346 |
| asus | rt-n56u_firmware | 1.0.1.8j |
| asus | rt-n10e_firmware | 2.0.0.20 |
| asus | rt-ac68u_firmware | 3.0.0.4.374.4755 |
| asus | rt-n16_firmware | 7.0.2.38b |
| asus | rt-n56u_firmware | 7.0.1.21 |
| asus | rt-n10e_firmware | 2.0.0.25 |
| asus | rt-n56u_firmware | 1.0.1.8l |
| asus | rt-n65u_firmware | 3.0.0.4.342 |
| asus | rt-n10e_firmware | 2.0.0.24 |
| asus | rt-n65u_firmware | 3.0.0.3.176 |
| asus | rt-n56u_firmware | 3.0.0.4.342 |
| asus | rt-n16_firmware | 3.0.0.3.178 |
| asus | rt-n65u_firmware | 3.0.0.4.260 |
| asus | rt-n56u_firmware | 7.0.1.32 |
| asus | rt-n16_firmware | 1.0.1.9 |
| asus | rt-n14u_firmware | 3.0.0.4.322 |
| asus | rt-ac68u_firmware | 3.0.0.4.374_4561 |
| asus | rt-n10e_firmware | 2.0.0.16 |
| asus | rt-n16_firmware | 3.0.0.4.354 |
| asus | rt-n56u_firmware | 1.0.1.7f |
| asus | rt-n16_firmware | 3.0.0.4.260 |
| asus | rt-n56u_firmware | 8.1.1.4 |
| asus | rt-n16_firmware | 3.0.0.3.162 |
Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| t-mobile | tm-ac1900 | 3.0.0.4.376_3169 |
| asus | rt-ac68u_firmware | * |
| asus | rt-ac68u_firmware | 3.0.0.4.374_4887 |
| asus | rt-ac68u_firmware | 3.0.0.4.374.4755 |
| asus | rt-ac68u | - |
ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n56u_firmware | * |
| asus | rt-n66u | - |
| asus | rt-ac56s_firmware | * |
| asus | rt-ac68u_firmware | * |
| asus | rt-n66u_firmware | * |
| asus | rt-ac68u | - |
| asus | rt-ac87u | - |
| asus | rt-ac56s | - |
| asus | rt-ac87u_firmware | * |
| asus | rt-n56u | - |
Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n56u_firmware | * |
| asus | rt-n66u | - |
| asus | rt-ac56s_firmware | * |
| asus | rt-ac68u_firmware | * |
| asus | rt-n66u_firmware | * |
| asus | rt-ac68u | - |
| asus | rt-ac87u | - |
| asus | rt-ac56s | - |
| asus | rt-ac87u_firmware | * |
| asus | rt-n56u | - |
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| t-mobile | tm-ac1900 | 3.0.0.4.376_3169 |
| asus | wrt_firmware | 3.0.0.4.376.2524-g0012f52 |
| asus | wrt_firmware | 3.0.0.4.376_1071 |
Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n10+d1_firmware | 2.1.1.1.70 |
Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-g32_firmware | 2.0.3.2 |
| asus | rt-g32_firmware | 2.0.2.6 |
Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-g32_firmware | 2.0.3.2 |
| asus | rt-g32_firmware | 2.0.2.6 |
Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | tm-1900 | - |
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | wl-330nul_firmware | * |
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | wl-330nul_firmware | * |
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | wl-330nul | * |
| asus | wl-33nul_firmware | * |
Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | wl-330nul_firmware | * |
In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rp-n14_firmware | - |
| asus | rp-ac52_firmware | * |
| asus | rp-n53_firmware | - |
| asus | rp-n12_firmware | - |
| asus | rp-ac56_firmware | - |
| asus | wmp-n12_firmware | - |
| asus | ea-n66_firmware | - |
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rp-n14_firmware | - |
| asus | rp-ac52_firmware | * |
| asus | rp-n53_firmware | - |
| asus | rp-n12_firmware | - |
| asus | rp-ac56_firmware | - |
| asus | wmp-n12_firmware | - |
| asus | ea-n66_firmware | - |
ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n14uhp_firmware | * |
ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | dsl-n10s_firmware | v2.1.16_apac |
ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | dsl-n10s_firmware | v2.1.16_apac |
ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | dsl-n10s_firmware | v2.1.16_apac |
ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | dsl-n14u_firmware | - |
| asus | dsl-n16_firmware | - |
| asus | dsl-ac51_firmware | - |
| asus | dsl-ac750_firmware | - |
| asus | dsl-n55u_c1_firmware | - |
| asus | dsl-ac52u_firmware | - |
| asus | dsl-n14u-b1_firmware | - |
| asus | dsl-n10_c1_firmware | - |
| asus | dsl-n55u_d1_firmware | - |
| asus | dsl-n12u_c1_firmware | - |
| asus | dsl-n12e_c1_firmware | - |
| asus | dsl-n17u_firmware | - |
| asus | dsl-ac55u_firmware | - |
| asus | dsl-ac56u_firmware | - |
| asus | dsl-n16u_firmware | - |
| asus | dsl-n66u_firmware | - |
Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | dsl-n14u_firmware | - |
| asus | dsl-n16_firmware | - |
| asus | dsl-ac51_firmware | - |
| asus | dsl-ac750_firmware | - |
| asus | dsl-n55u_c1_firmware | - |
| asus | dsl-ac52u_firmware | - |
| asus | dsl-n14u-b1_firmware | - |
| asus | dsl-n10_c1_firmware | - |
| asus | dsl-n55u_d1_firmware | - |
| asus | dsl-n12u_c1_firmware | - |
| asus | dsl-n12e_c1_firmware | - |
| asus | dsl-n17u_firmware | - |
| asus | dsl-ac55u_firmware | - |
| asus | dsl-ac56u_firmware | - |
| asus | dsl-n16u_firmware | - |
| asus | dsl-n66u_firmware | - |
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-613,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | asuswrt | * |
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-330,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | asuswrt | * |
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | asuswrt | * |
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | asuswrt | * |
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | hivivo | * |
| asus | vivobaby | * |
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | hivivo | * |
| asus | vivobaby | * |
An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the device's WAN connection, causing disconnection from the Internet, a Denial of Service (DoS). The attack is only possible from within the local area network.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n56u_firmware | 3.0.0.4.374_979 |
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z170m-plus/br_firmware | - |
| asus | h110m-k_firmware | - |
| asus | h170-pro/usb_3.1_firmware | - |
| asus | h110m-c/ps_firmware | - |
| asus | ex-b250m-v5_firmware | - |
| asus | b150-pro_d3_firmware | - |
| asus | q170t_v2_firmware | - |
| asus | h110m-r_firmware | - |
| asus | rog_strix_z370-f_gaming_firmware | - |
| asus | h110i-plus_firmware | - |
| asus | prime_z270-k_firmware | - |
| asus | q270-s_firmware | - |
| asus | z170-p_d3_firmware | - |
| asus | b250m-f_plus_firmware | - |
| asus | z170m-e_d3_firmware | - |
| asus | h110m-cs_x_firmware | - |
| asus | q270m-cm-a_firmware | - |
| asus | b150-plus_firmware | - |
| intel | manageability_engine_firmware | 11.7 |
| asus | h170m-e_d3_firmware | - |
| asus | rog_strix_z270e_gaming_firmware | - |
| asus | rog_strix_h270i_gaming_firmware | - |
| asus | prime_h270-plus_firmware | - |
| asus | h110-plus_firmware | - |
| asus | rog_maximus_viii_hero_alpha_firmware | - |
| asus | h110m-cs/br_firmware | - |
| asus | rog_strix_b250f_gaming_firmware | - |
| asus | sabertooth_z170_s_firmware | - |
| asus | z170-pro_firmware | - |
| asus | prime_z370-p_firmware | - |
| asus | h110m-plus_firmware | - |
| asus | b150m_pro_gaming_firmware | - |
| asus | prime_b250-pro_firmware | - |
| asus | tuf_z270_mark_2_firmware | - |
| asus | pio-b250i_firmware | - |
| asus | ex-b150m-v_firmware | - |
| asus | tuf_z370-plus_gaming_firmware | - |
| intel | manageability_engine_firmware | 11.10 |
| asus | b150m-plus_firmware | - |
| siemens | sinumerik_pcu50.5-p_firmware | * |
| siemens | sinumerik_pcu50.5-c_firmware | * |
| siemens | simatic_ipc647d_firmware | * |
| intel | active_management_technology_firmware | - |
| asus | rog_maximus_x_apex_firmware | - |
| asus | z170i_pro_gaming_firmware | - |
| asus | pio-b150m_firmware | - |
| asus | h110t_firmware | - |
| asus | h110m-ks_firmware | - |
| asus | ex-h110m-v_firmware | - |
| asus | z170-deluxe_firmware | - |
| asus | rog_maximus_x_hero_firmware | - |
| siemens | simatic_ipc627d_firmware | * |
| asus | b150m-c/br_firmware | - |
| asus | prime_h110m2_firmware | - |
| asus | q170m2_firmware | - |
| asus | prime_q270m-c_firmware | - |
| asus | h110m-c/hdmi_firmware | - |
| asus | rog_maximus_viii_formula_firmware | - |
| asus | b150-pro_firmware | - |
| asus | prime_b250m-d_firmware | - |
| siemens | simatic_ipc427e_firmware | * |
| siemens | simatic_ipc477d_pro_firmware | - |
| asus | h110m-c_firmware | - |
| asus | rog_maximus_viii_extreme_firmware | - |
| asus | h110m-a/m.2_firmware | - |
| siemens | simatic_ipc477d_firmware | - |
| asus | rog_strix_z370-e_gaming_firmware | - |
| asus | z170-ar_firmware | - |
| asus | b150m-plus_d3_firmware | - |
| asus | h110s1_firmware | - |
| asus | prime_z370-a_firmware | - |
| siemens | simatic_field_pg_m3_firmware | * |
| siemens | simatic_ipc427d_firmware | - |
| siemens | simatic_ipc677c_firmware | * |
| asus | prime_z270-ar_firmware | - |
| asus | h110m-cs_firmware | - |
| asus | trooper_h110_d3_firmware | - |
| asus | prime_b250m-plus_firmware | - |
| asus | prime_h270m-plus_firmware | - |
| asus | h110m-ks_r1_firmware | - |
| siemens | simatic_ipc827d_firmware | * |
| asus | h110m-a/dp_firmware | - |
| siemens | simatic_ipc827c_firmware | * |
| asus | z170_pro_gaming_firmware | - |
| asus | prime_h270-pro_firmware | - |
| asus | rog_maximus_viii_impact_firmware | - |
| asus | b150m-c_firmware | - |
| asus | h110m-d/exper/si_firmware | - |
| asus | h110t-a_firmware | - |
| asus | b150-a_firmware | - |
| siemens | simatic_itp1000_firmware | * |
| asus | rog_maximus_x_code_firmware | - |
| asus | rog_strix_z370-g_gaming_firmware | - |
| asus | h110m-a_d3_firmware | - |
| siemens | simatic_ipc847d_firmware | * |
| asus | prime_h110m-p_firmware | - |
| asus | h170m-plus_firmware | - |
| asus | rog_maximus_ix_hero_firmware | - |
| asus | prime_b250m-k_firmware | - |
| asus | b250-mr_firmware | - |
| intel | manageability_engine_firmware | 11.20 |
| asus | prime_b250-plus_firmware | - |
| asus | prime_h110m2/fpt_firmware | - |
| asus | ex-b150-v7_firmware | - |
| asus | b150i_pro_gaming/aura_firmware | - |
| asus | rog_maximus_viii_hero_firmware | - |
| asus | h170_pro_gaming_firmware | - |
| siemens | simatic_ipc647c_firmware | * |
| asus | h110m-k_x_firmware | - |
| siemens | simatic_ipc547d_firmware | * |
| intel | manageability_engine_firmware | * |
| asus | h170-pro_firmware | - |
| asus | b150m-k_firmware | - |
| asus | rog_strix_z270f_gaming_firmware | - |
| asus | h170m-plus/br_firmware | - |
| asus | prime_z270-p_firmware | - |
| asus | b250-s_firmware | - |
| asus | rog_strix_h270f_gaming_firmware | - |
| asus | q170m-cm-b_firmware | - |
| asus | b150m-c_d3_firmware | - |
| siemens | simatic_field_pg_m4_firmware | * |
| asus | b150_pro_gaming/aura_firmware | - |
| asus | b250_mining_expert_firmware | - |
| asus | b150m-a_d3_firmware | - |
| asus | b150m-a/m.2_firmware | - |
| asus | h110m-k_d3_firmware | - |
| asus | h110m-p/dvi_firmware | - |
| asus | ex-b150m-v5_firmware | - |
| asus | h110m-e/m.2_firmware | - |
| asus | prime_b250m-a_firmware | - |
| asus | b150m-a_firmware | - |
| asus | b150m-k_d3_firmware | - |
| asus | h110m-a_firmware | - |
| asus | rog_strix_z270h_gaming/k1_firmware | - |
| asus | rog_maximus_x_formula_firmware | - |
| siemens | simotion_p320-4s_firmware | * |
| siemens | simatic_ipc627c_firmware | * |
| asus | b150_pro_gaming_d3_firmware | - |
| asus | rog_maximus_viii_ranger_firmware | - |
| asus | z170-premium_firmware | - |
| asus | rog_strix_b250h_gaming_firmware | - |
| asus | h110m-f_firmware | - |
| asus | rog_maximus_ix_extreme_firmware | - |
| asus | b150m-v_plus_firmware | - |
| asus | rog_maximus_viii_gene_firmware | - |
| asus | trooper_b150_d3_firmware | - |
| asus | rog_strix_b250i_gaming_firmware | - |
| asus | h110s2_firmware | - |
| asus | prime_b250m-plus/br_firmware | - |
| asus | z170-p_firmware | - |
| asus | ex-b250-v7_firmware | - |
| asus | z170-k_firmware | - |
| asus | tuf_z370-pro_gaming_firmware | - |
| asus | ex-b150m-v3_firmware | - |
| intel | manageability_engine_firmware | 11.6 |
| asus | rog_maximus_ix_formula_firmware | - |
| asus | h110m-c/br_firmware | - |
| asus | h110m-ts_firmware | - |
| asus | h170-plus_d3_firmware | - |
| asus | z170m-plus_firmware | - |
| asus | z170_pro_gaming/aura_firmware | - |
| siemens | simatic_ipc477e_firmware | * |
| asus | sabertooth_z170_mark_1_firmware | - |
| asus | h110m-e_firmware | - |
| asus | h110m-c2/tf_firmware | - |
| asus | h170i-pro_firmware | - |
| asus | rog_maximus_ix_apex_firmware | - |
| asus | q170m-c_firmware | - |
| siemens | simatic_ipc547e_firmware | * |
| asus | h110m-c2_firmware | - |
| asus | rog_strix_z270h_gaming_firmware | - |
| asus | z170-a_firmware | - |
| asus | ex-h110m-v3_firmware | - |
| asus | rog_strix_z270i_gaming_firmware | - |
| asus | b250m-c_pro_firmware | - |
| asus | q170s1_firmware | - |
| intel | manageability_engine_firmware | 11.5 |
| asus | prime_b250m-c_firmware | - |
| asus | rog_maximus_ix_code_firmware | - |
| siemens | simatic_ipc677d_firmware | * |
| asus | prime_z270-a_firmware | - |
| asus | z170-e_firmware | - |
| siemens | simatic_ipc847c_firmware | * |
| asus | q170t_firmware | - |
| asus | b150m-d_firmware | - |
| asus | prime_z270m-plus/br_firmware | - |
| asus | rog_strix_z270g_gaming_firmware | - |
| siemens | simatic_field_pg_m5_firmware | * |
| intel | manageability_engine_firmware | 11.0 |
| asus | rog_strix_b250g_gaming_firmware | - |
| asus | h110m-d_firmware | - |
| asus | prime_j3355i-c_firmware | - |
| asus | tuf_z270_mark_1_firmware | - |
| asus | rog_strix_z370-i_gaming_firmware | - |
| asus | prime_z270m-plus_firmware | - |
| asus | b150i_pro_gaming/wifi/aura_firmware | - |
| asus | ex-b250m-v3_firmware | - |
| asus | b150m-f_plus_firmware | - |
| asus | rog_strix_z370-h_gaming_firmware | - |
| asus | b150_pro_gaming_firmware | - |
| asus | prime_b250m-j_firmware | - |
| asus | ex-b250m-v_firmware | - |
| asus | prime_b250-a_firmware | - |
| asus | q170m2/cdm/si_firmware | - |
Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z170m-plus/br_firmware | - |
| asus | h110m-k_firmware | - |
| asus | h170-pro/usb_3.1_firmware | - |
| asus | h110m-c/ps_firmware | - |
| asus | ex-b250m-v5_firmware | - |
| asus | b150-pro_d3_firmware | - |
| asus | q170t_v2_firmware | - |
| asus | h110m-r_firmware | - |
| asus | rog_strix_z370-f_gaming_firmware | - |
| asus | h110i-plus_firmware | - |
| asus | prime_z270-k_firmware | - |
| asus | q270-s_firmware | - |
| asus | z170-p_d3_firmware | - |
| asus | b250m-f_plus_firmware | - |
| asus | z170m-e_d3_firmware | - |
| asus | h110m-cs_x_firmware | - |
| asus | q270m-cm-a_firmware | - |
| asus | b150-plus_firmware | - |
| intel | manageability_engine_firmware | 11.7 |
| asus | h170m-e_d3_firmware | - |
| asus | rog_strix_z270e_gaming_firmware | - |
| asus | rog_strix_h270i_gaming_firmware | - |
| asus | prime_h270-plus_firmware | - |
| asus | h110-plus_firmware | - |
| asus | rog_maximus_viii_hero_alpha_firmware | - |
| asus | h110m-cs/br_firmware | - |
| asus | rog_strix_b250f_gaming_firmware | - |
| asus | sabertooth_z170_s_firmware | - |
| asus | z170-pro_firmware | - |
| asus | prime_z370-p_firmware | - |
| asus | h110m-plus_firmware | - |
| asus | b150m_pro_gaming_firmware | - |
| asus | prime_b250-pro_firmware | - |
| asus | tuf_z270_mark_2_firmware | - |
| asus | pio-b250i_firmware | - |
| asus | ex-b150m-v_firmware | - |
| asus | tuf_z370-plus_gaming_firmware | - |
| intel | manageability_engine_firmware | 11.10 |
| asus | b150m-plus_firmware | - |
| siemens | sinumerik_pcu50.5-p_firmware | * |
| siemens | sinumerik_pcu50.5-c_firmware | * |
| siemens | simatic_ipc647d_firmware | * |
| intel | active_management_technology_firmware | - |
| asus | rog_maximus_x_apex_firmware | - |
| asus | z170i_pro_gaming_firmware | - |
| asus | pio-b150m_firmware | - |
| asus | h110t_firmware | - |
| asus | h110m-ks_firmware | - |
| asus | ex-h110m-v_firmware | - |
| asus | z170-deluxe_firmware | - |
| asus | rog_maximus_x_hero_firmware | - |
| siemens | simatic_ipc627d_firmware | * |
| asus | b150m-c/br_firmware | - |
| asus | prime_h110m2_firmware | - |
| asus | q170m2_firmware | - |
| asus | prime_q270m-c_firmware | - |
| asus | h110m-c/hdmi_firmware | - |
| asus | rog_maximus_viii_formula_firmware | - |
| asus | b150-pro_firmware | - |
| asus | prime_b250m-d_firmware | - |
| siemens | simatic_ipc427e_firmware | * |
| siemens | simatic_ipc477d_pro_firmware | - |
| asus | h110m-c_firmware | - |
| asus | rog_maximus_viii_extreme_firmware | - |
| asus | h110m-a/m.2_firmware | - |
| siemens | simatic_ipc477d_firmware | - |
| asus | rog_strix_z370-e_gaming_firmware | - |
| asus | z170-ar_firmware | - |
| asus | b150m-plus_d3_firmware | - |
| asus | h110s1_firmware | - |
| asus | prime_z370-a_firmware | - |
| siemens | simatic_field_pg_m3_firmware | * |
| siemens | simatic_ipc427d_firmware | - |
| siemens | simatic_ipc677c_firmware | * |
| asus | prime_z270-ar_firmware | - |
| asus | h110m-cs_firmware | - |
| asus | trooper_h110_d3_firmware | - |
| asus | prime_b250m-plus_firmware | - |
| asus | prime_h270m-plus_firmware | - |
| asus | h110m-ks_r1_firmware | - |
| siemens | simatic_ipc827d_firmware | * |
| asus | h110m-a/dp_firmware | - |
| siemens | simatic_ipc827c_firmware | * |
| asus | z170_pro_gaming_firmware | - |
| asus | prime_h270-pro_firmware | - |
| asus | rog_maximus_viii_impact_firmware | - |
| asus | b150m-c_firmware | - |
| asus | h110m-d/exper/si_firmware | - |
| asus | h110t-a_firmware | - |
| asus | b150-a_firmware | - |
| siemens | simatic_itp1000_firmware | * |
| asus | rog_maximus_x_code_firmware | - |
| asus | rog_strix_z370-g_gaming_firmware | - |
| asus | h110m-a_d3_firmware | - |
| siemens | simatic_ipc847d_firmware | * |
| asus | prime_h110m-p_firmware | - |
| asus | h170m-plus_firmware | - |
| asus | rog_maximus_ix_hero_firmware | - |
| asus | prime_b250m-k_firmware | - |
| asus | b250-mr_firmware | - |
| intel | manageability_engine_firmware | 11.20 |
| asus | prime_b250-plus_firmware | - |
| asus | prime_h110m2/fpt_firmware | - |
| asus | ex-b150-v7_firmware | - |
| asus | b150i_pro_gaming/aura_firmware | - |
| asus | rog_maximus_viii_hero_firmware | - |
| asus | h170_pro_gaming_firmware | - |
| siemens | simatic_ipc647c_firmware | * |
| asus | h110m-k_x_firmware | - |
| siemens | simatic_ipc547d_firmware | * |
| intel | manageability_engine_firmware | * |
| asus | h170-pro_firmware | - |
| asus | b150m-k_firmware | - |
| asus | rog_strix_z270f_gaming_firmware | - |
| asus | h170m-plus/br_firmware | - |
| asus | prime_z270-p_firmware | - |
| asus | b250-s_firmware | - |
| asus | rog_strix_h270f_gaming_firmware | - |
| asus | q170m-cm-b_firmware | - |
| asus | b150m-c_d3_firmware | - |
| siemens | simatic_field_pg_m4_firmware | * |
| asus | b150_pro_gaming/aura_firmware | - |
| asus | b250_mining_expert_firmware | - |
| asus | b150m-a_d3_firmware | - |
| asus | b150m-a/m.2_firmware | - |
| asus | h110m-k_d3_firmware | - |
| asus | h110m-p/dvi_firmware | - |
| asus | ex-b150m-v5_firmware | - |
| asus | h110m-e/m.2_firmware | - |
| asus | prime_b250m-a_firmware | - |
| asus | b150m-a_firmware | - |
| asus | b150m-k_d3_firmware | - |
| asus | h110m-a_firmware | - |
| asus | rog_strix_z270h_gaming/k1_firmware | - |
| asus | rog_maximus_x_formula_firmware | - |
| siemens | simotion_p320-4s_firmware | * |
| siemens | simatic_ipc627c_firmware | * |
| asus | b150_pro_gaming_d3_firmware | - |
| asus | rog_maximus_viii_ranger_firmware | - |
| asus | z170-premium_firmware | - |
| asus | rog_strix_b250h_gaming_firmware | - |
| asus | h110m-f_firmware | - |
| asus | rog_maximus_ix_extreme_firmware | - |
| asus | b150m-v_plus_firmware | - |
| asus | rog_maximus_viii_gene_firmware | - |
| asus | trooper_b150_d3_firmware | - |
| asus | rog_strix_b250i_gaming_firmware | - |
| asus | h110s2_firmware | - |
| asus | prime_b250m-plus/br_firmware | - |
| asus | z170-p_firmware | - |
| asus | ex-b250-v7_firmware | - |
| asus | z170-k_firmware | - |
| asus | tuf_z370-pro_gaming_firmware | - |
| asus | ex-b150m-v3_firmware | - |
| intel | manageability_engine_firmware | 11.6 |
| asus | rog_maximus_ix_formula_firmware | - |
| asus | h110m-c/br_firmware | - |
| asus | h110m-ts_firmware | - |
| asus | h170-plus_d3_firmware | - |
| asus | z170m-plus_firmware | - |
| asus | z170_pro_gaming/aura_firmware | - |
| siemens | simatic_ipc477e_firmware | * |
| asus | sabertooth_z170_mark_1_firmware | - |
| asus | h110m-e_firmware | - |
| asus | h110m-c2/tf_firmware | - |
| asus | h170i-pro_firmware | - |
| asus | rog_maximus_ix_apex_firmware | - |
| asus | q170m-c_firmware | - |
| siemens | simatic_ipc547e_firmware | * |
| asus | h110m-c2_firmware | - |
| asus | rog_strix_z270h_gaming_firmware | - |
| asus | z170-a_firmware | - |
| asus | ex-h110m-v3_firmware | - |
| asus | rog_strix_z270i_gaming_firmware | - |
| asus | b250m-c_pro_firmware | - |
| asus | q170s1_firmware | - |
| intel | manageability_engine_firmware | 11.5 |
| asus | prime_b250m-c_firmware | - |
| asus | rog_maximus_ix_code_firmware | - |
| siemens | simatic_ipc677d_firmware | * |
| asus | prime_z270-a_firmware | - |
| asus | z170-e_firmware | - |
| siemens | simatic_ipc847c_firmware | * |
| asus | q170t_firmware | - |
| asus | b150m-d_firmware | - |
| asus | prime_z270m-plus/br_firmware | - |
| asus | rog_strix_z270g_gaming_firmware | - |
| siemens | simatic_field_pg_m5_firmware | * |
| intel | manageability_engine_firmware | 11.0 |
| asus | rog_strix_b250g_gaming_firmware | - |
| asus | h110m-d_firmware | - |
| asus | prime_j3355i-c_firmware | - |
| asus | tuf_z270_mark_1_firmware | - |
| asus | rog_strix_z370-i_gaming_firmware | - |
| asus | prime_z270m-plus_firmware | - |
| asus | b150i_pro_gaming/wifi/aura_firmware | - |
| asus | ex-b250m-v3_firmware | - |
| asus | b150m-f_plus_firmware | - |
| asus | rog_strix_z370-h_gaming_firmware | - |
| asus | b150_pro_gaming_firmware | - |
| asus | prime_b250m-j_firmware | - |
| asus | ex-b250m-v_firmware | - |
| asus | prime_b250-a_firmware | - |
| asus | q170m2/cdm/si_firmware | - |
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac1750_firmware | 3.0.0.4.380.7266 |
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac1750_firmware | 3.0.0.4.380.7266 |
Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488 allows remote attackers to inject arbitrary JavaScript by requesting filenames longer than 50 characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac53_firmware | 3.0.0.4.380.6038 |
Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac53_firmware | 3.0.0.4.380.6038 |
Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac53_firmware | 3.0.0.4.380.6038 |
ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac1750_firmware | 3.0.0.4.380.7266 |
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac1750_firmware | 3.0.0.4.380.7266 |
Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac87u_firmware | * |
Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac68u_firmware | * |
Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac1200hp_firmware | * |
Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | wl-330nul_firmware | * |
ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | hg100_firmware | * |
ASUS HG100 devices allow denial of service via an IPv4 packet flood.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | hg100_firmware | - |
Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac3200_firmware | 3.0.0.4.382.50010 |
Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac3200_firmware | 3.0.0.4.382.50010 |
Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac3200_firmware | 3.0.0.4.382.50010 |
Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac3200_firmware | 3.0.0.4.382.50010 |
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac3200_firmware | 3.0.0.4.382.50010 |
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). This app contains an exported service app component named com.asus.loguploader.LogUploaderService that, when accessed with a particular action string, will write a bugreport (kernel log, logcat log, and the state of system services including the text of active notifications), Wi-Fi Passwords, and other system data to external storage (sdcard). Any app with the READ_EXTERNAL_STORAGE permission on this device can read this data from the sdcard after it has been dumped there by the com.asus.loguploader. Third-party apps are not allowed to directly create a bugreport or access the user's stored wireless network credentials.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_3_max_firmware | 7.0.0.55 |
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by ASUS or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage (i.e., sdcard). The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device.
CVSS 2.0
Severity: LOW
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_3_max_firmware | - |
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm (versionCode=1510500200, versionName=1.5.0.40_171122) has an exposed interface in an exported service named com.asus.dm.installer.DMInstallerService that allows any app co-located on the device to use its capabilities to download an arbitrary app over the internet and install it. Any app on the device can send an intent with specific embedded data that will cause the com.asus.dm app to programmatically download and install the app. For the app to be downloaded and installed, certain data needs to be provided: download URL, package name, version name from the app's AndroidManifest.xml file, and the MD5 hash of the app. Moreover, any app that is installed using this method can also be programmatically uninstalled using the same unprotected component named com.asus.dm.installer.DMInstallerService.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_3_max_firmware | 1.5.0.40 |
The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZW_ASUS_A009/ASUS_A009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys both contain a pre-installed platform app with a package name of com.asus.splendidcommandagent (versionCode=1510200090, versionName=1.2.0.18_160928) that contains an exported service named com.asus.splendidcommandagent.SplendidCommandAgentService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_v_live_firmware | - |
| asus | zenfone_3_max_firmware | - |
Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | dsl-n12e_c1_firmware | 1.1.2.3_345 |
ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a single "GET / HTTP/1.1\r\n" line.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | gt-ac5300_firmware | * |
Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | gt-ac5300_firmware | * |
Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list("Storage_x_SharedPath") request, because ej_select_list in router/httpd/web.c uses strcpy.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | gt-ac5300_firmware | * |
Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | gt-ac5300_firmware | * |
blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | gt-ac5300_firmware | * |
On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac58u_firmware | 3.0.0.4.380.6516 |
A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac58u_firmware | 3.0.0.4.380.6516 |
The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | aura_sync_firmware | 1.07.22 |
The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | aura_sync_firmware | 1.07.22 |
The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | aura_sync_firmware | 1.07.22 |
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | asuswrt | 3.0.0.4.384.20308 |
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | asuswrt | 3.0.0.4.384.20308 |
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | asuswrt | 3.0.0.4.384.20308 |
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | asuswrt-merlin | 3.0.0.4.384.20308 |
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | asuswrt | * |
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-862,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | asuswrt | * |
ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac52u_b1_firmware | 3.0.0.4.380.10446 |
| asus | rt-ac86u_firmware | 3.0.0.4.384.20648 |
| asus | rt-ac58u_firmware | 3.0.0.4.380.8228 |
| asus | rt-n12_d1_firmware | 3.0.0.4.380.8228 |
| asus | rt-ac1200_firmware | 3.0.0.4.380.10446 |
| asus | rt-ac51u_firmware | 3.0.0.4.380.8228 |
| asus | rt-acrh13_firmware | 3.0.0.4.380.8228 |
| asus | rt-ac1750_firmware | 3.0.0.4.380.8228 |
| asus | rt-ac66u_firmware | 3.0.0.4.380.8228 |
| asus | rt-ac2900_firmware | 3.0.0.4.384.20648 |
| asus | rt-ac55uhp_firmware | 3.0.0.4.382.50276 |
| asus | rt-ac55u_firmware | 3.0.0.4.382.50276 |
| asus | rt-n600_firmware | 3.0.0.4.380.10446 |
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asuswrt-merlin | asuswrt-merlin | * |
| asus | asus_firmware | * |
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asuswrt-merlin | asuswrt-merlin | * |
| asus | asus_firmware | * |
Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac66u_firmware | * |
Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac5300_firmware | * |
| asus | rt-ac68u_firmware | * |
| asus | rt-ac1900_firmware | * |
| asus | rt-ac87u_firmware | * |
| asus | rt-ac66u_firmware | * |
| asus | rt-ac2900_firmware | * |
| asus | rt-ac3100_firmware | * |
| asus | rt-n18u_firmware | * |
| asus | rt-ac88u_firmware | * |
| asus | rt-ac3200_firmware | * |
| asus | rt-ac86u_firmware | * |
AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | precision_touchpad | 11.0.0.25 |
The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. CVSS 3.0 Base score 7.4 (Availability impacts). CVSS vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | hg100_firmware | * |
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | hg100_firmware | * |
A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVSS 2.0
Severity: HIGH
Problem Type: CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | smarthome | * |
The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_4_selfie_firmware | - |
The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_4_selfie_firmware | - |
The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-610,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_live_(l1)_firmware | - |
The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-610,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_5_selfie_firmware | - |
The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_3s_max_firmware | - |
The Asus ZenFone 3 Android device with a build fingerprint of asus/WW_Phone/ASUS_Z012D:7.0/NRD90M/14.2020.1708.56-20170719:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_3_firmware | - |
The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1803.373-20180308:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_max_4_firmware | - |
The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_user_11.40.208.77_20170922:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_4_selfie_firmware | - |
The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_5q_firmware | - |
The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_3_ultra_firmware | - |
The Asus ASUS_A002 Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_ar_firmware | - |
The Asus ASUS_A002_2 Android device with a build fingerprint of asus/WW_ASUS_A002_2/ASUS_A002_2:7.0/NRD90M/14.1610.1802.18-20180321:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_ar_firmware | - |
The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_3s_max_firmware | - |
The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_4_max_firmware | - |
The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-610,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | pegasus_4_max_firmware | - |
| asus | pegasus_4a_firmware | - |
The Asus ASUS_X00LD_3 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_4_selfie_firmware | - |
The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_4_max_firmware | - |
The Asus ZenFone 5 Lite Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_5_lite_firmware | - |
The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_5q_firmware | - |
The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_5q_firmware | - |
The Asus ZenFone 3 Laser Android device with a build fingerprint of asus/WW_msm8937/msm8937:7.1.1/NMF26F/WW_32.40.106.114_20180928:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_3_laser_firmware | - |
The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_71.50.395.57_20180913:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_4_selfie_firmware | - |
The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_3_ultra_firmware | - |
The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | zenfone_ar_firmware | - |
The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-610,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | pegasus_4_max_firmware | - |
| asus | pegasus_4a_firmware | - |
The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-610,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | x105d_firmware | - |
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | dl-101_firmware | - |
| asus | mw100_firmware | - |
| asus | ms-101_firmware | - |
| asus | as-101_firmware | - |
| asus | ts-101_firmware | - |
| asus | hg100_firmware | - |
| asus | ws-101_firmware | - |
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart home devices, and tamper with messages.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | dl-101_firmware | - |
| asus | mw100_firmware | - |
| asus | ms-101_firmware | - |
| asus | as-101_firmware | - |
| asus | ts-101_firmware | - |
| asus | hg100_firmware | - |
| asus | ws-101_firmware | - |
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | dl-101_firmware | - |
| asus | mw100_firmware | - |
| asus | ms-101_firmware | - |
| asus | as-101_firmware | - |
| asus | ts-101_firmware | - |
| asus | hg100_firmware | - |
| asus | ws-101_firmware | - |
Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | aura_sync | * |
The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop access can exhaust the main battery to reset the BIOS configuration, and then achieve direct access to the hard drive by booting a live USB OS without disassembling the laptop. NOTE: the vendor has apparently indicated that this is "normal" and use of the same battery for the BIOS and the overall system is a "new design." However, the vendor apparently plans to "improve" this an unspecified later time
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rog_zephyrus_m_gm501gs_firmware | - |
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | atk_package | * |
ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n53_firmware | 3.0.0.4.376.3754 |
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | device_activation | * |
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H | 2.2 | 4.7 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | wap351 | - |
| hp | envy_5548_k7g87a | - |
| hp | deskjet_ink_advantage_4538_f0v66b | - |
| hp | envy_4520_e6g67a | - |
| hp | hp_deskjet_ink_advantage_4535_f0v64b | - |
| hp | deskjet_ink_advantage_5575_g0v48c | - |
| hp | envy_photo_7830_y0g50b | - |
| hp | hp_deskjet_ink_advantage_4678_f1h99b | - |
| hp | envy_4512_k9h49a | - |
| hp | envy_5535 | - |
| hp | hp_officejet_4650_f1h96a | - |
| hp | envy_4500_a9t89a | - |
| hp | envy_4501_c8d05a | - |
| hp | hp_envy_4520_f0v63b | - |
| broadcom | adsl | - |
| hp | envy_6540_b9s59a | - |
| canon | selphy_cp1200 | - |
| hp | envy_100_cn517b | - |
| huawei | hg532e | - |
| hp | envy_5544_k7c89a | - |
| epson | xp-320 | - |
| hp | hp_envy_4520_f0v63a | - |
| hp | envy_pro_6420_5se45b | - |
| hp | envy_5540_g0v53a | - |
| hp | envy_5000_m2u91a | * |
| zyxel | vmg8324-b10a | - |
| hp | envy_5020_m2u91b | - |
| hp | deskjet_ink_advantage_4675_f1h97a | - |
| epson | xp-2101 | - |
| hp | envy_photo_6200_y0k13d_ | - |
| hp | envy_photo_7100_z3m37a | - |
| hp | envy_6055_5se16a | - |
| hp | hp_envy_4516_k9h52a | - |
| hp | deskjet_ink_advantage_4675_f1h97b | - |
| hp | envy_photo_7800_y0g42d | - |
| hp | envy_photo_7100_3xd89a | - |
| hp | envy_photo_7120_z3m41d | - |
| hp | envy_photo_7164_k7g99a | - |
| hp | envy_7645_e4w44a | - |
| epson | xp-8500 | - |
| hp | officejet_4654_f1j06b | - |
| hp | envy_5532 | - |
| epson | xp-970 | - |
| hp | hp_officejet_4656_k9v81b | - |
| epson | xp-8600 | - |
| hp | envy_5640_b9s56a | - |
| hp | officejet_4655_k9v82b | - |
| hp | 5030_m2u92b | - |
| hp | envy_5540_g0v47a | - |
| hp | envy_100_cn517c | - |
| hp | 5020_z4a69a | - |
| hp | deskjet_ink_advantage_4678_f1h99b | - |
| hp | envy_110_cq809b | - |
| hp | envy_4511_k9h50a | - |
| hp | envy_5000_m2u91a | - |
| epson | xp-702 | - |
| hp | envy_5000_m2u85b | - |
| hp | envy_5534 | - |
| hp | envy_6020_5se16b | - |
| cisco | wap150 | - |
| hp | envy_4504_a9t88b | - |
| hp | hp_deskjet_ink_advantage_4676_f1h98a | - |
| hp | envy_photo_6230_k7g25b | - |
| hp | envy_6020_6wd35a | - |
| hp | hp_officejet_4652_f1j02a | - |
| zyxel | amg1202-t10b | - |
| hp | envy_5539 | - |
| hp | envy_4521_k9t10b | - |
| hp | envy_114_cq811b | - |
| hp | envy_5540_g0v51a | - |
| ui | unifi_controller | - |
| hp | envy_5541_k7g89a | - |
| hp | envy_4525_k9t09b | - |
| hp | envy_photo_7822_y0g43d | - |
| epson | xp-620 | - |
| epson | ew-m970a3t | - |
| hp | envy_pro_6420_6wd14a | - |
| hp | hp_officejet_4655_k9v82b | - |
| hp | envy_4504_c8d04a | - |
| hp | hp_officejet_4654_f1j07b | - |
| hp | hp_officejet_4655_f1j00a | - |
| hp | envy_pro_6455_5se45a | - |
| hp | 5030_z4a70a | - |
| hp | envy_4508_e6g72b | - |
| hp | hp_envy_4527_j6u61b | - |
| hp | envy_100_cn518a | - |
| hp | deskjet_ink_advantage_3545_a9t81c | - |
| canonical | ubuntu_linux | 20.04 |
| hp | envy_photo_6232_k7g26b | - |
| hp | envy_5544_k7c93a | - |
| hp | envy_120_cz022a | - |
| epson | xp-4105 | - |
| microsoft | windows_10 | - |
| hp | officejet_4657_v6d29b | - |
| hp | hp_envy_4512_k9h49a | - |
| dlink | dvg-n5412sp | - |
| hp | envy_5545_g0v50a | - |
| epson | xp-2105 | - |
| hp | envy_5540_k7c85a | - |
| hp | deskjet_ink_advantage_4675_f1h97c | - |
| hp | hp_deskjet_ink_advantage_4538_f0v66b | - |
| hp | hp_officejet_4650_f1h96b | - |
| hp | envy_photo_7100_k7g93a | - |
| hp | envy_5540_g0v52a | - |
| hp | envy_5546_k7c90a | - |
| hp | hp_deskjet_ink_advantage_4675_f1h97a | - |
| epson | xp-100 | - |
| hp | envy_5000_m2u85a | - |
| hp | envy_4503_e6g71b | - |
| epson | xp-330 | - |
| hp | envy_7644_e4w46a | - |
| hp | deskjet_ink_advantage_5575_g0v48b | - |
| hp | envy_4500_a9t80a | - |
| hp | hp_envy_4520_f0v69a | - |
| hp | officejet_4654_f1j07b | - |
| ruckussecurity | zonedirector_1200 | - |
| hp | envy_100_cn519a | - |
| hp | envy_photo_7800_k7r96a | - |
| hp | hp_envy_4523_j6u60b | - |
| fedoraproject | fedora | 32 |
| epson | xp-241 | - |
| hp | envy_110_cq809d | - |
| cisco | wap131 | - |
| hp | envy_4500_d3p93a | - |
| hp | envy_4523_j6u60b | - |
| hp | deskjet_ink_advantage_4535_f0v64b | - |
| hp | envy_6020_5se17a | - |
| hp | officejet_4652_k9v84b | - |
| hp | envy_pro_6452_5se47a | - |
| hp | hp_envy_4522_f0v67a | - |
| hp | envy_5664_f8b08a | - |
| hp | hp_envy_4520_e6g67b | - |
| hp | deskjet_ink_advantage_4535_f0v64c | - |
| hp | deskjet_ink_advantage_4536_f0v65a | - |
| hp | envy_photo_6200_k7s21b | - |
| hp | envy_4524_f0v72b | - |
| hp | envy_4528_k9t08b | - |
| hp | envy_5000_z4a54a | - |
| hp | hp_envy_4526_k9t05b | - |
| hp | officejet_4655_f1j00a | - |
| hp | envy_4520_f0v69a | - |
| hp | envy_photo_7800_k7s10d | - |
| hp | hp_officejet_4658_v6d30b | - |
| hp | envy_4526_k9t05b | - |
| hp | hp_envy_4524_f0v71b | - |
| hp | envy_4502_a9t87b | - |
| hp | envy_5543_n9u88a | - |
| tp-link | archer_c50 | - |
| hp | envy_5530 | - |
| hp | envy_5542_k7c88a | - |
| hp | envy_photo_7800_k7s00a | - |
| hp | hp_deskjet_ink_advantage_4675_f1h97c | - |
| epson | xp-630 | - |
| hp | deskjet_ink_advantage_4518 | - |
| hp | deskjet_ink_advantage_4676_f1h98a | - |
| hp | envy_5643_b9s63a | - |
| asus | rt-n11 | - |
| hp | hp_officejet_4657_v6d29b | - |
| epson | ep-101 | - |
| hp | envy_4507_e6g70b | - |
| hp | envy_6020_7cz37a | - |
| hp | envy_4527_j6u61b | - |
| hp | hp_officejet_4652_k9v84b | - |
| hp | deskjet_ink_advantage_3545_a9t81a | - |
| hp | envy_4500_a9t80b | - |
| hp | envy_120_cz022c | - |
| hp | envy_photo_7155_z3m52a | - |
| hp | envy_photo_7822_y0g42d | - |
| nec | wr8165n | - |
| hp | envy_photo_6200_y0k15a | - |
| hp | envy_114_cq811a | - |
| hp | envy_5640_b9s58a | - |
| hp | envy_6052_5se18a | - |
| hp | envy_photo_6200_k7g18a | - |
| hp | envy_photo_6220_k7g21b | - |
| hp | hp_officejet_4652_f1j05b | - |
| hp | envy_110_cq809a | - |
| hp | hp_officejet_4650_e6g87a | - |
| hp | envy_4505_a9t86a | - |
| dell | b1165nfw | - |
| hp | envy_4509_d3p94a | - |
| hp | hp_officejet_4654_f1j06b | - |
| netgear | wnhde111 | - |
| epson | xp-960 | - |
| fedoraproject | fedora | 31 |
| hp | deskjet_ink_advantage_3456_a9t84c | - |
| hp | envy_photo_6200_k7g26b | - |
| hp | hp_envy_4513_k9h51a | - |
| epson | xp-340 | - |
| hp | officejet_4658_v6d30b | - |
| w1.fi | hostapd | * |
| hp | hp_envy_4524_k9t01a | - |
| hp | officejet_4655_k9v79a | - |
| hp | envy_photo_6252_k7g22a | - |
| hp | envy_4502_a9t85a | - |
| hp | envy_5000_m2u94b | - |
| hp | envy_photo_6222_y0k14d | - |
| hp | hp_envy_4520_e6g67a | - |
| hp | hp_envy_4525_k9t09b | - |
| hp | hp_envy_4528_k9t08b | - |
| hp | hp_officejet_4655_k9v79a | - |
| hp | deskjet_ink_advantage_3546_a9t82a | - |
| hp | envy_4524_f0v71b | - |
| hp | envy_pro_6420_6wd16a | - |
| hp | envy_4520_f0v63b | - |
| hp | deskjet_ink_advantage_4515 | - |
| hp | envy_pro_6420_5se46a | - |
| hp | envy_4524_k9t01a | - |
| hp | envy_5646_f8b05a | - |
| hp | hp_deskjet_ink_advantage_4675_f1h97b | - |
| hp | envy_4513_k9h51a | - |
| hp | envy_7640 | - |
| hp | envy_5540_f2e72a | - |
| hp | 5660_f8b04a | - |
| zte | zxv10_w300 | - |
| hp | officejet_4652_f1j02a | - |
| hp | envy_110_cq812c | - |
| hp | envy_5536 | - |
| hp | envy_120_cz022b | - |
| hp | envy_4516_k9h52a | - |
| hp | envy_photo_6222_y0k13d | - |
| hp | envy_114_cq812a | - |
| hp | envy_5642_b9s64a | - |
| hp | envy_100_cn519b | - |
| hp | envy_5547_j6u64a | - |
| hp | officejet_4656_k9v81b | - |
| hp | hp_envy_4511_k9h50a | - |
| huawei | hg255s | - |
| hp | envy_4509_d3p94b | - |
| hp | envy_photo_7100_k7g99a | - |
| hp | envy_photo_7100_z3m52a | - |
| hp | deskjet_ink_advantage_3548_a9t81b | - |
| hp | hp_envy_4524_f0v72b | - |
| hp | envy_5531 | - |
| hp | hp_deskjet_ink_advantage_4535_f0v64a | - |
| hp | envy_110_cq809c | - |
| epson | m571t | - |
| hp | envy_photo_6220_k7g20d | - |
| hp | envy_photo_7800_y0g52b | - |
| hp | envy_100_cn517a | - |
| hp | envy_5000_z4a74a | - |
| debian | debian_linux | 9.0 |
| hp | hp_deskjet_ink_advantage_4535_f0v64c | - |
| hp | envy_5665_f8b06a | - |
| hp | envy_4520_f0v63a | - |
| hp | envy_111_cq810a | - |
| hp | envy_4522_f0v67a | - |
| hp | officejet_4652_f1j05b | - |
| hp | 5034_z4a74a | - |
| hp | envy_5644_b9s65a | - |
| hp | officejet_4650_f1h96a | - |
| epson | xp-440 | - |
| hp | officejet_4650_f1h96b | - |
| hp | deskjet_ink_advantage_4535_f0v64a | - |
| hp | envy_4520_e6g67b | - |
| debian | debian_linux | 10.0 |
| microsoft | xbox_one | 10.0.19041.2494 |
| hp | officejet_4650_e6g87a | - |
| hp | envy_photo_6234_k7s21b | - |
| hp | hp_deskjet_ink_advantage_4536_f0v65a | - |
| hp | hp_envy_4521_k9t10b | - |
| epson | xp-4100 | - |
| hp | deskjet_ink_advantage_3545_a9t83b | - |
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | screenpad2_upgrade_tool | 1.0.3 |
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac1900p_firmware | * |
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac1900p_firmware | * |
Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n12e_firmware | 2.0.0.39 |
An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp will redirect to the login site, which will show the value of the parameter productname within the title. An attacker might be able to influence the appearance of the login page, aka text injection.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac88u_firmware | * |
An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. A direct access to /downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language makes it possible to reach "unknown functionality" in a "known to be easy" manner via an unspecified "public exploit."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-425,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac88u_firmware | * |
The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | dsl-n17u_firmware | 1.1.0.2 |
ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax86u_firmware | * |
ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac66u_firmware | 3.0.0.4.372_67 |
The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.5 | 6.0 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | ux360ca_bios | * |
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | askey_rtf8115vw_firmware | br_sv_g11.11_rtf_tef001_v6.54_v014 |
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | askey_rtf8115vw_firmware | br_sv_g11.11_rtf_tef001_v6.54_v014 |
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
| twcert@cert.org.tw | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | z10pe-d16_ws_firmware | 1.14.2 |
| asus | z10pr-d16_firmware | 1.14.51 |
| asus | asmb8-ikvm_firmware | 1.14.51 |
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
| twcert@cert.org.tw | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | esc8000_g4_firmware | 1.15.4 |
| asus | rs300-e10-rs4_firmware | 1.13.6 |
| asus | rs500-e9-rs4-u_firmware | 1.15.4 |
| asus | rs500a-e9-ps4_firmware | 1.14.1 |
| asus | rs720-e9-rs12-e_firmware | 1.15.2 |
| asus | z11pa-d8_firmware | 1.14.1 |
| asus | rs500a-e10-ps4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4_firmware | 1.10.0 |
| asus | rs300-e10-ps4_firmware | 1.13.6 |
| asus | ws_x299_pro/se_firmware | 1.14.1 |
| asus | rs720a-e9-rs24v2_firmware | 1.15.1 |
| asus | asmb9-ikvm_firmware | 1.11.12 |
| asus | rs720q-e9-rs8_firmware | 1.15.0 |
| asus | pro_e800_g4_firmware | 1.14.2 |
| asus | ws_c621e_sage_firmware | 1.15.1 |
| asus | rs520-e9-rs8_firmware | 1.15.3 |
| asus | rs500a-e9-rs4_firmware | 1.14.1 |
| asus | z11pa-u12/10g-2s_firmware | 1.15.1 |
| asus | z11pr-d16_firmware | 1.15.3 |
| asus | rs520-e9-rs12-e_firmware | 1.15.3 |
| asus | rs720q-e9-rs8-s_firmware | 1.15.0 |
| asus | z11pa-d8c_firmware | 1.14.1 |
| asus | rs720a-e9-rs24-e_firmware | 1.10.3 |
| asus | rs720q-e9-rs24-s_firmware | 1.15.0 |
| asus | rs500-e9-ps4_firmware | 1.15.4 |
| asus | esc4000_dhd_g4_firmware | 1.13.7 |
| asus | esc4000_g4_firmware | 1.15.2 |
| asus | ws_c422_pro/se_firmware | 1.14.1 |
| asus | rs700-e9-rs12_firmware | 1.11.5 |
| asus | rs720-e9-rs24-u_firmware | 1.14.3 |
| asus | rs720-e9-rs8-g_firmware | 1.15.2 |
| asus | esc4000_g4x_firmware | 1.11.6 |
| asus | rs700a-e9-rs12v2_firmware | 1.15.1 |
| asus | esc8000_g4/10g_firmware | 1.15.4 |
| asus | e700_g4_firmware | 1.14.1 |
| asus | rs100-e10-pi2_firmware | 1.13.6 |
| asus | rs700-e9-rs4_firmware | 1.09 |
| asus | z11pa-u12_firmware | 1.15.1 |
| asus | knpa-u16_firmware | 1.13.4 |
| asus | rs720a-e9-rs12v2_firmware | 1.15.2 |
| asus | rs500a-e9_rs4_u_firmware | 1.14.1 |
| asus | rs500a-e10-rs4_firmware | 1.15.2 |
| asus | rs700a-e9-rs4v2_firmware | 1.15.1 |
| asus | rs500-e9-rs4_firmware | 1.15.4 |
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | gputweak_ii | * |
AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. This could enable low-privileged users to achieve Denial of Service via a DeviceIoControl.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | gputweak_ii | * |
In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-834,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax86u_firmware | * |
| asus | rt-ac58u_firmware | * |
| asus | rt-ac5300_firmware | * |
| asus | rt-ax58u_firmware | * |
| asus | rt-ac68u_firmware | * |
| asus | rt-ac66u_b1_firmware | * |
| asus | rt-ac2900_firmware | * |
| asus | rt-ac88u_firmware | * |
| asus | rt-ac68r_firmware | * |
| asus | rt-ac68rw_firmware | * |
| asus | rt-ax68u_firmware | * |
| asus | rt-ax56u_firmware | * |
| asus | rt-ac1900p_firmware | * |
| asus | rt-ac1900_firmware | * |
| asus | rt-ac1900u_firmware | * |
| asus | rt-ax82u_firmware | * |
| asus | rt-ac85u_firmware | * |
| asus | rt-ac3100_firmware | * |
| asus | rt-ac86u_firmware | * |
| asus | rt-ac68p_firmware | * |
| asus | rt-ax88u_firmware | * |
| asus | rt-ac1750_b1_firmware | * |
| asus | rt-ac65u_firmware | * |
| asus | rt-ax55_firmware | * |
| asus | rt-ax3000_firmware | * |
| asus | zenwifi_ax_(xt8)_firmware | * |
| asus | rt-ac68w_firmware | * |
An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in a persistent outage of those services.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | dsl-n14u_b1_firmware | 1.1.2.3_805 |
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations. Note: All versions of Lyra Mini and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability, Consumers can mitigate this vulnerability by disabling the remote access features from WAN.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | gt-ac2900_firmware | * |
| asus | lyra_mini_firmware | * |
Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax3000_firmware | * |
Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | dsl-n14u-b1_firmware | 1.1.2.3_805 |
Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 3.9 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac68u_firmware | * |
SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac68u_firmware | * |
Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 3.9 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac68u_firmware | * |
ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | 2.2 | 1.4 |
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-799,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | gt-axe11000_firmware | * |
| asus | rt-ax58u_firmware | * |
| asus | rt-ax55_firmware | * |
| asus | rt-ax3000_firmware | * |
| asus | tuf-ax3000_firmware | * |
A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax56u_firmware | 3.0.0.4.386.44266 |
ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | armoury_crate_lite_service | * |
ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.8 | 5.2 |
| twcert@cert.org.tw | 6.3 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.0 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-119,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | p453uj_bios | 311 |
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-307,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax86u_firmware | * |
| asus | tuf-ax5400_firmware | * |
| asus | rt-ax88u_firmware | * |
| asus | rt-ax58u_firmware | * |
| asus | zenwifi_xd6_firmware | * |
| asus | rt-ax55_firmware | * |
| asus | rt-ax82u_gundam_edition_firmware | * |
| asus | rt-ax92u_firmware | * |
| asus | rt-ax3000_firmware | * |
| asus | rt-ax86s_firmware | * |
| asus | zenwifi_ax_(xt8)_firmware | * |
| asus | gt-ax11000_firmware | * |
| asus | rt-ax68u_firmware | * |
| asus | rt-ax56u_firmware | * |
| asus | rt-ax56u_v2_firmware | * |
| asus | rt-ax86u_zaku_ii_edition_firmware | * |
| asus | rt-ax82u_firmware | * |
| asus | tuf_gaming_ax3000_firmware | * |
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-444,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax86u_firmware | * |
| asus | tuf-ax5400_firmware | * |
| asus | rt-ax88u_firmware | * |
| asus | rt-ax58u_firmware | * |
| asus | zenwifi_xd6_firmware | * |
| asus | rt-ax55_firmware | * |
| asus | rt-ax82u_gundam_edition_firmware | * |
| asus | rt-ax92u_firmware | * |
| asus | rt-ax3000_firmware | * |
| asus | rt-ax86s_firmware | * |
| asus | zenwifi_ax_(xt8)_firmware | * |
| asus | gt-ax11000_firmware | * |
| asus | rt-ax68u_firmware | * |
| asus | rt-ax56u_firmware | * |
| asus | rt-ax56u_v2_firmware | * |
| asus | rt-ax86u_zaku_ii_edition_firmware | * |
| asus | rt-ax82u_firmware | * |
| asus | tuf_gaming_ax3000_firmware | * |
An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax88u_firmware | * |
ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | ux582lr_firmware | * |
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 2.3 | 6.0 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n12d1_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac85p_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac56u_firmware | 3.0.0.4.386.46061 |
| asus | zenwifi_pro_et12_firmware | 3.0.0.4.386.46061 |
| asus | zenwifi_ac_mini_firmware | 3.0.0.4.386.46061 |
| asus | rt-ax92u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac1900_firmware | 3.0.0.4.386.46061 |
| asus | rog_rapture_gt-ac2900_firmware | 3.0.0.4.386.46061 |
| asus | rt-ax55_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac1200e_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac1300uhp_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac56s_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac2400_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac1200g+_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac87u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ax82u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac55u_firmware | 3.0.0.4.386.46061 |
| asus | rt-n66w_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac68r_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac55uhp_firmware | 3.0.0.4.386.46061 |
| asus | rt-n19_firmware | 3.0.0.4.386.46061 |
| asus | rt-n14uhp_firmware | 3.0.0.4.386.46061 |
| asus | rt-n12e_c1_firmware | 3.0.0.4.386.46061 |
| asus | zenwifi_xt9_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac58u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ax86u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac66u+_firmware | 3.0.0.4.386.46061 |
| asus | zenwifi_ax_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac1200g_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac1900p_firmware | 3.0.0.4.386.46061 |
| asus | zenwifi__pro_xt12_firmware | 3.0.0.4.386.46061 |
| asus | rt-ax58u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac56r_firmware | 3.0.0.4.386.46061 |
| asus | zenwifi_xd4s_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac3100_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac1750_firmware | 3.0.0.4.386.46061 |
| asus | rog_rapture_gt-ax11000_firmware | 3.0.0.4.386.46061 |
| asus | rog_rapture_gt-ac5300_firmware | 3.0.0.4.386.46061 |
| asus | rt-n18u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac68u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac68uf_firmware | 3.0.0.4.386.46061 |
| asus | rt-ax3000_firmware | 3.0.0.4.386.46061 |
| asus | zenwifi_ac_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac2900_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac1300g+_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac3200_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac66r_firmware | 3.0.0.4.386.46061 |
| asus | tuf_gaming_ax3000_v2_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac88u_firmware | 3.0.0.4.386.46061 |
| asus | 4g-ac53u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac2200_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac51u_firmware | 3.0.0.4.386.46061 |
| asus | rt-n12vp_b1_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac66u_firmware | 3.0.0.4.386.46061 |
| asus | zenwifi_xd6_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac68p_firmware | 3.0.0.4.386.46061 |
| asus | tuf_gaming_ax5400_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac87r_firmware | 3.0.0.4.386.46061 |
| asus | rt-n12hp_b1_firmware | 3.0.0.4.386.46061 |
| asus | 4g-ac68u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac51u+_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac86u_firmware | 3.0.0.4.386.46061 |
| asus | rt-n12e_b1_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac52u_b1_firmware | 3.0.0.4.386.46061 |
| asus | rt-n66c1_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac5300_firmware | 3.0.0.4.386.46061 |
| asus | rt-n12+_b1_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac1750_b1__firmware | 3.0.0.4.386.46061 |
| asus | zenwifi_ax_hybrid_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac1200hp_firmware | 3.0.0.4.386.46061 |
| asus | rt-acrh13_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac66u_b1_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac68w_firmware | 3.0.0.4.386.46061 |
| asus | rt-ax88u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac2600_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac85u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac65p_firmware | 3.0.0.4.386.46061 |
| asus | rt-ax56u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac1200gu_firmware | 3.0.0.4.386.46061 |
| asus | rt-n66u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac1900u_firmware | 3.0.0.4.386.46061 |
| asus | zenwifi_ax_mini_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac1200_firmware | 3.0.0.4.386.46061 |
| asus | zenwifi_xd5_firmware | 3.0.0.4.386.46061 |
| asus | rt-acrh17_firmware | 3.0.0.4.386.46061 |
| asus | rt-n66r_firmware | 3.0.0.4.386.46061 |
| asus | zenwifi_et8_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac66w_firmware | 3.0.0.4.386.46061 |
| asus | rt-ax68u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ax89x_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac57u_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac53_firmware | 3.0.0.4.386.46061 |
| asus | rt-ac65u_firmware | 3.0.0.4.386.46061 |
ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
| twcert@cert.org.tw | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-121,CWE-1284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax56u_firmware | 3.0.0.4.386.44266 |
Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac5300_firmware | * |
| asus | rt-ac68u_firmware | * |
ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac68u_firmware | * |
Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931 can lead to a user session hijack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac52u_b1_firmware | 3.0.0.4.380.10931 |
The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | cmax6000_firmware | 1.02.00 |
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| twcert@cert.org.tw | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | pb61v_firmware | * |
| asus | pb60s_firmware | * |
| asus | un65u_firmware | * |
| asus | pb60v_firmware | * |
| asus | pb60g_firmware | * |
| asus | pn40_firmware | * |
| asus | pn30_firmware | * |
| asus | ts10_firmware | * |
| asus | pb50_firmware | * |
| asus | pb60_firmware | * |
| asus | vc65-c1_firmware | * |
| asus | pn60_firmware | * |
| asus | pa90_firmware | * |
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| twcert@cert.org.tw | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax56u_firmware | 3.0.0.4.386.44266 |
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.5 | 5.2 |
| twcert@cert.org.tw | 7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.5 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rog_live_service | * |
The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | myasus | * |
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.1 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax56u_firmware | 3.0.0.4.386.45898 |
ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
| twcert@cert.org.tw | 8.1 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax56u_firmware | 3.0.0.4.386.45898 |
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax56u_firmware | 3.0.0.4.386.45898 |
ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax56u_firmware | 3.0.0.4.386.45898 |
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
| twcert@cert.org.tw | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4.386.45956 |
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4.386.45956 |
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4.386.45956 |
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | gt-ax11000_pro_firmware | * |
| asus | xt9_firmware | * |
| asus | rt-ax86u_firmware | * |
| asus | gt-axe16000_firmware | * |
| asus | rt-ax58u_firmware | * |
| asus | rt-ax55_firmware | * |
| asuswrt-merlin | new_gen | * |
| asus | xd6_firmware | * |
| asus | gt-ax11000_firmware | * |
| asus | rt-ax68u_firmware | * |
| asus | rt-ax56u_firmware | * |
| asus | xt8_firmware | * |
| asus | xt12_firmware | * |
| asus | et12_firmware | * |
| asus | xd4_firmware | * |
| asus | rt-ax82u_firmware | * |
| asus | tuf-ax3000_v2_firmware | * |
| asus | asuswrt | * |
| asus | gt-ax6000_firmware | * |
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 3.9 | 2.5 |
| twcert@cert.org.tw | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | control_center | 1.4.2.5 |
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | control_center | 1.4.2.5 |
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | webstorage | * |
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax88u_firmware | * |
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-134,CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax88u_firmware | * |
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n53_firmware | 3.0.0.4.376.3754 |
Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) cgi-bin/Advanced_IPTV_Content.asp, (12) cgi-bin/Advanced_IPv6_Content.asp, (13) cgi-bin/Advanced_KeywordFilter_Content.asp, (14) cgi-bin/Advanced_LAN_Content.asp, (15) cgi-bin/Advanced_Modem_Content.asp, (16) cgi-bin/Advanced_PortTrigger_Content.asp, (17) cgi-bin/Advanced_QOSUserPrio_Content.asp, (18) cgi-bin/Advanced_QOSUserRules_Content.asp, (19) cgi-bin/Advanced_SettingBackup_Content.asp, (20) cgi-bin/Advanced_System_Content.asp, (21) cgi-bin/Advanced_URLFilter_Content.asp, (22) cgi-bin/Advanced_VPN_PPTP.asp, (23) cgi-bin/Advanced_VirtualServer_Content.asp, (24) cgi-bin/Advanced_WANPort_Content.asp, (25) cgi-bin/Advanced_WAdvanced_Content.asp, (26) cgi-bin/Advanced_WMode_Content.asp, (27) cgi-bin/Advanced_WWPS_Content.asp, (28) cgi-bin/Advanced_Wireless_Content.asp, (29) cgi-bin/Bandwidth_Limiter.asp, (30) cgi-bin/Guest_network.asp, (31) cgi-bin/Main_AccessLog_Content.asp, (32) cgi-bin/Main_AdslStatus_Content.asp, (33) cgi-bin/Main_Spectrum_Content.asp, (34) cgi-bin/Main_WebHistory_Content.asp, (35) cgi-bin/ParentalControl.asp, (36) cgi-bin/QIS_wizard.asp, (37) cgi-bin/QoS_EZQoS.asp, (38) cgi-bin/aidisk.asp, (39) cgi-bin/aidisk/Aidisk-1.asp, (40) cgi-bin/aidisk/Aidisk-2.asp, (41) cgi-bin/aidisk/Aidisk-3.asp, (42) cgi-bin/aidisk/Aidisk-4.asp, (43) cgi-bin/blocking.asp, (44) cgi-bin/cloud_main.asp, (45) cgi-bin/cloud_router_sync.asp, (46) cgi-bin/cloud_settings.asp, (47) cgi-bin/cloud_sync.asp, (48) cgi-bin/device-map/DSL_dashboard.asp, (49) cgi-bin/device-map/clients.asp, (50) cgi-bin/device-map/disk.asp, (51) cgi-bin/device-map/internet.asp, (52) cgi-bin/error_page.asp, (53) cgi-bin/index.asp, (54) cgi-bin/index2.asp, (55) cgi-bin/qis/QIS_PTM_manual_setting.asp, (56) cgi-bin/qis/QIS_admin_pass.asp, (57) cgi-bin/qis/QIS_annex_setting.asp, (58) cgi-bin/qis/QIS_bridge_cfg_tmp.asp, (59) cgi-bin/qis/QIS_detect.asp, (60) cgi-bin/qis/QIS_finish.asp, (61) cgi-bin/qis/QIS_ipoa_cfg_tmp.asp, (62) cgi-bin/qis/QIS_manual_setting.asp, (63) cgi-bin/qis/QIS_mer_cfg.asp, (64) cgi-bin/qis/QIS_mer_cfg_tmp.asp, (65) cgi-bin/qis/QIS_ppp_cfg.asp, (66) cgi-bin/qis/QIS_ppp_cfg_tmp.asp, (67) cgi-bin/qis/QIS_wireless.asp, (68) cgi-bin/query_wan_status.asp, (69) cgi-bin/query_wan_status2.asp, and (70) cgi-bin/start_apply.asp.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | dsl-n14u-b1_firmware | 1.1.2.3_805 |
An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax82u_firmware | 3.0.0.4.386_49674-ge182230 |
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | aura_ready_game_software_development_kit | 1.0.0.4 |
AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | system_control_interface | * |
| asus | asusswitch | * |
AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 0.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | system_control_interface | * |
| asus | asusliveupdate | * |
| asus | asussoftwaremanger | * |
An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax82u_firmware | 3.0.0.4.386_49674-ge182230 |
A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax82u_firmware | 3.0.0.4.386_49674-ge182230 |
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 5.9 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 0.7 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | armoury_crate_service | * |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | nas-m25_firmware | * |
ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | armoury_crate | * |
The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | aura_sync | * |
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | asmb8-ikvm_firmware | * |
ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | armoury_crate | * |
| asus | setupasusservices | * |
ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4.386.51255 |
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4.386.51255 |
A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac51u_firmware | * |
ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax3000_firmware | * |
ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax88u_firmware | * |
ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "do_json_decode()" function of ej.c, resulting in a DoS condition.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax88u_firmware | * |
A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L | 2.3 | 5.3 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax88u_firmware | * |
Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n10lx_firmware | 2.0.0.39 |
A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n10lx_firmware | 2.0.0.39 |
Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-n10lx_firmware | 2.0.0.39 |
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4_386_51529 |
| asus | rt-ax56u_v2_firmware | 3.0.0.4.386_50460 |
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4_386_51529 |
| asus | rt-ax56u_v2_firmware | 3.0.0.4.386_50460 |
ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mod_webdav.so module. When parsing a request, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-16078.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax92u_firmware | 3.0.0.4.386.46061 |
ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4_386_51529 |
ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4_386_51529 |
ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4_386_51529 |
ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac66u_b1_firmware | 3.0.0.4.286_51665 |
ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4_386_51529 |
ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4_386_51529 |
It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4_386_51529 |
| asus | rt-ax55_firmware | 3.0.0.4.386_50460 |
| asus | rt-ax56u_v2_firmware | 3.0.0.4.386_50460 |
It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4_386_51529 |
| asus | rt-ax55_firmware | 3.0.0.4.386_50460 |
| asus | rt-ax56u_v2_firmware | 3.0.0.4.386_50460 |
It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac86u_firmware | 3.0.0.4_386_51529 |
| asus | rt-ax55_firmware | 3.0.0.4.386_50460 |
| asus | rt-ax56u_v2_firmware | 3.0.0.4.386_50460 |
On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347; and for the similar "code-authentication module" issue, see CVE-2023-41348.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax55_firmware | 3.0.0.4.386.51598 |
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax55_firmware | 3.0.0.4.386.51598 |
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax55_firmware | 3.0.0.4.386.51598 |
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax55_firmware | 3.0.0.4.386.51598 |
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax55_firmware | 3.0.0.4.386.51598 |
ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ax88u_firmware | * |
An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | rt-ac87u_firmware | * |
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | armoury_crate | * |
A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | 4g-ac68u_firmware | 3.0.0.4.384.82230 |
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | download_master | * |
The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | download_master | * |
The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | download_master | * |
An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the ' Security Update for MyASUS' section on the ASUS Security Advisory for more information.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | myasus | * |
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to execute system commands through unintended mechanisms. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | asus_firmware | * |
An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | dsl-ac750_firmware | * |
| asus | dsl-ac51_firmware | * |
| asus | dsl-n16_firmware | * |
"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asus | live_update | * |