MidnightBSD

Advisories for asus

CVE-2005-3489 HIGH

Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using authorization, allows remote attackers to execute arbitrary code via a long username/password string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
asus video_security_online *
CVE-2005-3490 MEDIUM

Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
asus video_security_online *
CVE-2011-4497 LOW

QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
asus rt-n56u_firmware *
asus rt-n56u_firmware 1.0.1.3
asus rt-n56u_firmware 1.0.1.2
asus rt-n56u_firmware 1.0.0.9
asus rt-n56u *
CVE-2013-3093 HIGH

ASUS RT-N56U devices allow CSRF.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-352,

Products Affected

Vendor Product Version
asus rt-n56u_firmware 3.0.0.4.374_979
asus dsl-n55u_firmware 3.0.0.4.374_1397
asus rt-n16_firmware 3.0.0.4.374_979
asus rt-n53_firmware 3.0.0.4.374_311
asus rt-n10u_firmware 3.0.0.4.374_168
asus rt-n15u_firmware 3.0.0.4.374_16
asus rt-ac66u_firmware 3.0.0.4.374_2050
CVE-2013-3610 MEDIUM

qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
asus rt-n10e_firmware *
asus rt-n10e_firmware 2.0.0.7
asus rt-n10e_firmware 2.0.0.10
asus rt-n10e_firmware 2.0.0.16
asus rt-n10e_firmware 2.0.0.20
asus rt-n10e -
asus rt-n10e_firmware 2.0.0.19
CVE-2013-4656 HIGH

Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
asus rt-ac66u_firmware -
asus rt-n56u_firmware -
CVE-2013-4659 HIGH

Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
asus rt-ac66u_firmware -
trendnet tew-812dru_firmware -
CVE-2013-4937 HIGH

Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus rt-n66u_firmware 3.0.0.4.272
asus rt-n16_firmware 3.0.0.4.220
asus rt-n16_firmware 1.0.2.3
asus rt-n56u_firmware 1.0.1.4
asus rt-n56u_firmware 1.0.1.4o
asus rt-n56u_firmware 1.0.1.8n
asus rt-n16_firmware 3.0.0.4.246
asus rt-ac66u_firmware 3.0.0.4.260
asus rt-n65u_firmware 3.0.0.4.334
asus rt-ac66u_firmware 3.0.0.4.140
asus rt-n16_firmware 3.0.0.3.108
asus rt-n65u -
asus rt-n14u_firmware *
asus rt-n14u -
asus rt-ac66u_firmware 3.0.0.4.246
asus rt-n56u_firmware 3.0.0.4.318
asus rt-ac66u_firmware 3.0.0.4.270
asus rt-n56u_firmware 1.0.1.7c
asus rt-n16_firmware *
asus rt-ac66u_firmware 3.0.0.4.220
asus rt-ac66u -
asus rt-n65u_firmware *
asus rt-n65u_firmware 3.0.0.3.134
asus rt-n56u -
asus dsl-n55u -
asus dsl-n56u_firmware *
asus rt-n56u_firmware *
asus rt-n56u_firmware 3.0.0.4.334
asus dsl-n56u_firmware 3.0.0.4.314
asus rt-n66u -
asus rt-n56u_firmware 1.0.1.8j
asus rt-n16_firmware 7.0.2.38b
asus rt-n56u_firmware 7.0.1.21
asus dsl-n56u_firmware 3.0.0.4.188
asus rt-n56u_firmware 1.0.1.8l
asus dsl-n56u_firmware 1.0.0.9
asus rt-n65u_firmware 3.0.0.4.342
asus rt-n65u_firmware 3.0.0.3.176
asus rt-ac66u_firmware *
asus rt-n56u_firmware 3.0.0.4.342
asus rt-n16_firmware 3.0.0.3.178
asus rt-n65u_firmware 3.0.0.4.260
asus rt-n56u_firmware 7.0.1.32
asus rt-n16_firmware 1.0.1.9
asus rt-n14u_firmware 3.0.0.4.322
asus rt-n16 -
asus rt-n66u_firmware *
asus rt-n56u_firmware 1.0.1.7f
asus rt-n16_firmware 3.0.0.4.260
asus rt-n56u_firmware 8.1.1.4
asus rt-n16_firmware 3.0.0.3.162
CVE-2013-5948 HIGH

The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
t-mobile tm-ac1900 3.0.0.4.376_3169
asus rt-ac68u_firmware 3.0.0.4.374_4561
asus rt-ac68u_firmware 3.0.0.4.374_4887
asus rt-ac68u_firmware 3.0.0.4.374.4755
asus rt-ac68u -
CVE-2013-6343 HIGH

Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
asus rt-n56u_firmware 3.0.0.4..374_979
asus tm-ac1900_firmware 3.0.0.4..374_979
asus rt-ac66u_firmware 3.0.0.4..374_979
CVE-2013-7293 MEDIUM

The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,CWE-284,

Products Affected

Vendor Product Version
asus wl-330nul -
CVE-2014-2718 HIGH

ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-345,

Products Affected

Vendor Product Version
t-mobile tm-ac1900 3.0.0.4.376_3169
asus rt_series_firmware *
CVE-2014-2719 MEDIUM

Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
asus rt-n66u_firmware 3.0.0.4.272
asus rt-n16_firmware 3.0.0.4.220
asus rt-n16_firmware 1.0.2.3
asus rt-n56u_firmware 1.0.1.4
asus rt-n10e_firmware 2.0.0.10
asus rt-n56u_firmware 1.0.1.4o
asus rt-n56u_firmware 1.0.1.8n
asus rt-n16_firmware 3.0.0.4.246
asus rt-ac66u_firmware 3.0.0.4.260
asus rt-n65u_firmware 3.0.0.4.334
asus rt-n10e_firmware 2.0.0.7
asus rt-ac66u_firmware 3.0.0.4.354
asus rt-ac66u_firmware 3.0.0.4.140
asus rt-n56u_firmware 3.0.0.4.360
asus rt-n16_firmware 3.0.0.3.108
asus rt-n10e_firmware 2.0.0.19
asus rt-ac66u_firmware 3.0.0.4.246
asus rt-n56u_firmware 3.0.0.4.318
asus rt-ac66u_firmware 3.0.0.4.270
asus rt-ac68u -
asus rt-n56u_firmware 1.0.1.7c
asus rt-ac66u_firmware 3.0.0.4.220
t-mobile tm-ac1900 3.0.0.4.376_3169
asus rt-ac68u_firmware 3.0.0.4.374_4887
asus rt-n14u_firmware 3.0.0.4.356
asus rt-n65u_firmware 3.0.0.3.134
asus rt-n66u_firmware 3.0.0.4.370
asus rt-n56u_firmware 3.0.0.4.334
asus rt-n65u_firmware 3.0.0.4.346
asus rt-n56u_firmware 1.0.1.8j
asus rt-n10e_firmware 2.0.0.20
asus rt-ac68u_firmware 3.0.0.4.374.4755
asus rt-n16_firmware 7.0.2.38b
asus rt-n56u_firmware 7.0.1.21
asus rt-n10e_firmware 2.0.0.25
asus rt-n56u_firmware 1.0.1.8l
asus rt-n65u_firmware 3.0.0.4.342
asus rt-n10e_firmware 2.0.0.24
asus rt-n65u_firmware 3.0.0.3.176
asus rt-n56u_firmware 3.0.0.4.342
asus rt-n16_firmware 3.0.0.3.178
asus rt-n65u_firmware 3.0.0.4.260
asus rt-n56u_firmware 7.0.1.32
asus rt-n16_firmware 1.0.1.9
asus rt-n14u_firmware 3.0.0.4.322
asus rt-ac68u_firmware 3.0.0.4.374_4561
asus rt-n10e_firmware 2.0.0.16
asus rt-n16_firmware 3.0.0.4.354
asus rt-n56u_firmware 1.0.1.7f
asus rt-n16_firmware 3.0.0.4.260
asus rt-n56u_firmware 8.1.1.4
asus rt-n16_firmware 3.0.0.3.162
CVE-2014-2925 MEDIUM

Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
t-mobile tm-ac1900 3.0.0.4.376_3169
asus rt-ac68u_firmware *
asus rt-ac68u_firmware 3.0.0.4.374_4887
asus rt-ac68u_firmware 3.0.0.4.374.4755
asus rt-ac68u -
CVE-2014-7269 MEDIUM

ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
asus rt-n56u_firmware *
asus rt-n66u -
asus rt-ac56s_firmware *
asus rt-ac68u_firmware *
asus rt-n66u_firmware *
asus rt-ac68u -
asus rt-ac87u -
asus rt-ac56s -
asus rt-ac87u_firmware *
asus rt-n56u -
CVE-2014-7270 MEDIUM

Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
asus rt-n56u_firmware *
asus rt-n66u -
asus rt-ac56s_firmware *
asus rt-ac68u_firmware *
asus rt-n66u_firmware *
asus rt-ac68u -
asus rt-ac87u -
asus rt-ac56s -
asus rt-ac87u_firmware *
asus rt-n56u -
CVE-2014-9583 HIGH

common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
t-mobile tm-ac1900 3.0.0.4.376_3169
asus wrt_firmware 3.0.0.4.376.2524-g0012f52
asus wrt_firmware 3.0.0.4.376_1071
CVE-2015-1437 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus rt-n10+d1_firmware 2.1.1.1.70
CVE-2015-2676 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
asus rt-g32_firmware 2.0.3.2
asus rt-g32_firmware 2.0.2.6
CVE-2015-2681 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus rt-g32_firmware 2.0.3.2
asus rt-g32_firmware 2.0.2.6
CVE-2015-6949 HIGH

Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
asus tm-1900 -
CVE-2015-7787 LOW

ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
asus wl-330nul_firmware *
CVE-2015-7788 MEDIUM

ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
asus wl-330nul_firmware *
CVE-2015-7789 LOW

ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
asus wl-330nul *
asus wl-33nul_firmware *
CVE-2015-7790 MEDIUM

Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus wl-330nul_firmware *
CVE-2016-6557 MEDIUM

In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-352,

Products Affected

Vendor Product Version
asus rp-n14_firmware -
asus rp-ac52_firmware *
asus rp-n53_firmware -
asus rp-n12_firmware -
asus rp-ac56_firmware -
asus wmp-n12_firmware -
asus ea-n66_firmware -
CVE-2016-6558 HIGH

A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
asus rp-n14_firmware -
asus rp-ac52_firmware *
asus rp-n53_firmware -
asus rp-n12_firmware -
asus rp-ac56_firmware -
asus wmp-n12_firmware -
asus ea-n66_firmware -
CVE-2017-12590 MEDIUM

ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus rt-n14uhp_firmware *
CVE-2017-12591 LOW

ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus dsl-n10s_firmware v2.1.16_apac
CVE-2017-12592 MEDIUM

ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus dsl-n10s_firmware v2.1.16_apac
CVE-2017-12593 MEDIUM

ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
asus dsl-n10s_firmware v2.1.16_apac
CVE-2017-14698 MEDIUM

ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
asus dsl-n14u_firmware -
asus dsl-n16_firmware -
asus dsl-ac51_firmware -
asus dsl-ac750_firmware -
asus dsl-n55u_c1_firmware -
asus dsl-ac52u_firmware -
asus dsl-n14u-b1_firmware -
asus dsl-n10_c1_firmware -
asus dsl-n55u_d1_firmware -
asus dsl-n12u_c1_firmware -
asus dsl-n12e_c1_firmware -
asus dsl-n17u_firmware -
asus dsl-ac55u_firmware -
asus dsl-ac56u_firmware -
asus dsl-n16u_firmware -
asus dsl-n66u_firmware -
CVE-2017-14699 MEDIUM

Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
asus dsl-n14u_firmware -
asus dsl-n16_firmware -
asus dsl-ac51_firmware -
asus dsl-ac750_firmware -
asus dsl-n55u_c1_firmware -
asus dsl-ac52u_firmware -
asus dsl-n14u-b1_firmware -
asus dsl-n10_c1_firmware -
asus dsl-n55u_d1_firmware -
asus dsl-n12u_c1_firmware -
asus dsl-n12e_c1_firmware -
asus dsl-n17u_firmware -
asus dsl-ac55u_firmware -
asus dsl-ac56u_firmware -
asus dsl-n16u_firmware -
asus dsl-n66u_firmware -
CVE-2017-15653 MEDIUM

Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-613,

Products Affected

Vendor Product Version
asus asuswrt *
CVE-2017-15654 HIGH

Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-330,

Products Affected

Vendor Product Version
asus asuswrt *
CVE-2017-15655 HIGH

Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
asus asuswrt *
CVE-2017-15656 MEDIUM

Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
asus asuswrt *
CVE-2017-17944 MEDIUM

The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
asus hivivo *
asus vivobaby *
CVE-2017-17945 MEDIUM

The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
asus hivivo *
asus vivobaby *
CVE-2017-5632 LOW

An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the device's WAN connection, causing disconnection from the Internet, a Denial of Service (DoS). The attack is only possible from within the local area network.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus rt-n56u_firmware 3.0.0.4.374_979
CVE-2017-5711 HIGH

Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
asus z170m-plus/br_firmware -
asus h110m-k_firmware -
asus h170-pro/usb_3.1_firmware -
asus h110m-c/ps_firmware -
asus ex-b250m-v5_firmware -
asus b150-pro_d3_firmware -
asus q170t_v2_firmware -
asus h110m-r_firmware -
asus rog_strix_z370-f_gaming_firmware -
asus h110i-plus_firmware -
asus prime_z270-k_firmware -
asus q270-s_firmware -
asus z170-p_d3_firmware -
asus b250m-f_plus_firmware -
asus z170m-e_d3_firmware -
asus h110m-cs_x_firmware -
asus q270m-cm-a_firmware -
asus b150-plus_firmware -
intel manageability_engine_firmware 11.7
asus h170m-e_d3_firmware -
asus rog_strix_z270e_gaming_firmware -
asus rog_strix_h270i_gaming_firmware -
asus prime_h270-plus_firmware -
asus h110-plus_firmware -
asus rog_maximus_viii_hero_alpha_firmware -
asus h110m-cs/br_firmware -
asus rog_strix_b250f_gaming_firmware -
asus sabertooth_z170_s_firmware -
asus z170-pro_firmware -
asus prime_z370-p_firmware -
asus h110m-plus_firmware -
asus b150m_pro_gaming_firmware -
asus prime_b250-pro_firmware -
asus tuf_z270_mark_2_firmware -
asus pio-b250i_firmware -
asus ex-b150m-v_firmware -
asus tuf_z370-plus_gaming_firmware -
intel manageability_engine_firmware 11.10
asus b150m-plus_firmware -
siemens sinumerik_pcu50.5-p_firmware *
siemens sinumerik_pcu50.5-c_firmware *
siemens simatic_ipc647d_firmware *
intel active_management_technology_firmware -
asus rog_maximus_x_apex_firmware -
asus z170i_pro_gaming_firmware -
asus pio-b150m_firmware -
asus h110t_firmware -
asus h110m-ks_firmware -
asus ex-h110m-v_firmware -
asus z170-deluxe_firmware -
asus rog_maximus_x_hero_firmware -
siemens simatic_ipc627d_firmware *
asus b150m-c/br_firmware -
asus prime_h110m2_firmware -
asus q170m2_firmware -
asus prime_q270m-c_firmware -
asus h110m-c/hdmi_firmware -
asus rog_maximus_viii_formula_firmware -
asus b150-pro_firmware -
asus prime_b250m-d_firmware -
siemens simatic_ipc427e_firmware *
siemens simatic_ipc477d_pro_firmware -
asus h110m-c_firmware -
asus rog_maximus_viii_extreme_firmware -
asus h110m-a/m.2_firmware -
siemens simatic_ipc477d_firmware -
asus rog_strix_z370-e_gaming_firmware -
asus z170-ar_firmware -
asus b150m-plus_d3_firmware -
asus h110s1_firmware -
asus prime_z370-a_firmware -
siemens simatic_field_pg_m3_firmware *
siemens simatic_ipc427d_firmware -
siemens simatic_ipc677c_firmware *
asus prime_z270-ar_firmware -
asus h110m-cs_firmware -
asus trooper_h110_d3_firmware -
asus prime_b250m-plus_firmware -
asus prime_h270m-plus_firmware -
asus h110m-ks_r1_firmware -
siemens simatic_ipc827d_firmware *
asus h110m-a/dp_firmware -
siemens simatic_ipc827c_firmware *
asus z170_pro_gaming_firmware -
asus prime_h270-pro_firmware -
asus rog_maximus_viii_impact_firmware -
asus b150m-c_firmware -
asus h110m-d/exper/si_firmware -
asus h110t-a_firmware -
asus b150-a_firmware -
siemens simatic_itp1000_firmware *
asus rog_maximus_x_code_firmware -
asus rog_strix_z370-g_gaming_firmware -
asus h110m-a_d3_firmware -
siemens simatic_ipc847d_firmware *
asus prime_h110m-p_firmware -
asus h170m-plus_firmware -
asus rog_maximus_ix_hero_firmware -
asus prime_b250m-k_firmware -
asus b250-mr_firmware -
intel manageability_engine_firmware 11.20
asus prime_b250-plus_firmware -
asus prime_h110m2/fpt_firmware -
asus ex-b150-v7_firmware -
asus b150i_pro_gaming/aura_firmware -
asus rog_maximus_viii_hero_firmware -
asus h170_pro_gaming_firmware -
siemens simatic_ipc647c_firmware *
asus h110m-k_x_firmware -
siemens simatic_ipc547d_firmware *
intel manageability_engine_firmware *
asus h170-pro_firmware -
asus b150m-k_firmware -
asus rog_strix_z270f_gaming_firmware -
asus h170m-plus/br_firmware -
asus prime_z270-p_firmware -
asus b250-s_firmware -
asus rog_strix_h270f_gaming_firmware -
asus q170m-cm-b_firmware -
asus b150m-c_d3_firmware -
siemens simatic_field_pg_m4_firmware *
asus b150_pro_gaming/aura_firmware -
asus b250_mining_expert_firmware -
asus b150m-a_d3_firmware -
asus b150m-a/m.2_firmware -
asus h110m-k_d3_firmware -
asus h110m-p/dvi_firmware -
asus ex-b150m-v5_firmware -
asus h110m-e/m.2_firmware -
asus prime_b250m-a_firmware -
asus b150m-a_firmware -
asus b150m-k_d3_firmware -
asus h110m-a_firmware -
asus rog_strix_z270h_gaming/k1_firmware -
asus rog_maximus_x_formula_firmware -
siemens simotion_p320-4s_firmware *
siemens simatic_ipc627c_firmware *
asus b150_pro_gaming_d3_firmware -
asus rog_maximus_viii_ranger_firmware -
asus z170-premium_firmware -
asus rog_strix_b250h_gaming_firmware -
asus h110m-f_firmware -
asus rog_maximus_ix_extreme_firmware -
asus b150m-v_plus_firmware -
asus rog_maximus_viii_gene_firmware -
asus trooper_b150_d3_firmware -
asus rog_strix_b250i_gaming_firmware -
asus h110s2_firmware -
asus prime_b250m-plus/br_firmware -
asus z170-p_firmware -
asus ex-b250-v7_firmware -
asus z170-k_firmware -
asus tuf_z370-pro_gaming_firmware -
asus ex-b150m-v3_firmware -
intel manageability_engine_firmware 11.6
asus rog_maximus_ix_formula_firmware -
asus h110m-c/br_firmware -
asus h110m-ts_firmware -
asus h170-plus_d3_firmware -
asus z170m-plus_firmware -
asus z170_pro_gaming/aura_firmware -
siemens simatic_ipc477e_firmware *
asus sabertooth_z170_mark_1_firmware -
asus h110m-e_firmware -
asus h110m-c2/tf_firmware -
asus h170i-pro_firmware -
asus rog_maximus_ix_apex_firmware -
asus q170m-c_firmware -
siemens simatic_ipc547e_firmware *
asus h110m-c2_firmware -
asus rog_strix_z270h_gaming_firmware -
asus z170-a_firmware -
asus ex-h110m-v3_firmware -
asus rog_strix_z270i_gaming_firmware -
asus b250m-c_pro_firmware -
asus q170s1_firmware -
intel manageability_engine_firmware 11.5
asus prime_b250m-c_firmware -
asus rog_maximus_ix_code_firmware -
siemens simatic_ipc677d_firmware *
asus prime_z270-a_firmware -
asus z170-e_firmware -
siemens simatic_ipc847c_firmware *
asus q170t_firmware -
asus b150m-d_firmware -
asus prime_z270m-plus/br_firmware -
asus rog_strix_z270g_gaming_firmware -
siemens simatic_field_pg_m5_firmware *
intel manageability_engine_firmware 11.0
asus rog_strix_b250g_gaming_firmware -
asus h110m-d_firmware -
asus prime_j3355i-c_firmware -
asus tuf_z270_mark_1_firmware -
asus rog_strix_z370-i_gaming_firmware -
asus prime_z270m-plus_firmware -
asus b150i_pro_gaming/wifi/aura_firmware -
asus ex-b250m-v3_firmware -
asus b150m-f_plus_firmware -
asus rog_strix_z370-h_gaming_firmware -
asus b150_pro_gaming_firmware -
asus prime_b250m-j_firmware -
asus ex-b250m-v_firmware -
asus prime_b250-a_firmware -
asus q170m2/cdm/si_firmware -
CVE-2017-5712 HIGH

Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
asus z170m-plus/br_firmware -
asus h110m-k_firmware -
asus h170-pro/usb_3.1_firmware -
asus h110m-c/ps_firmware -
asus ex-b250m-v5_firmware -
asus b150-pro_d3_firmware -
asus q170t_v2_firmware -
asus h110m-r_firmware -
asus rog_strix_z370-f_gaming_firmware -
asus h110i-plus_firmware -
asus prime_z270-k_firmware -
asus q270-s_firmware -
asus z170-p_d3_firmware -
asus b250m-f_plus_firmware -
asus z170m-e_d3_firmware -
asus h110m-cs_x_firmware -
asus q270m-cm-a_firmware -
asus b150-plus_firmware -
intel manageability_engine_firmware 11.7
asus h170m-e_d3_firmware -
asus rog_strix_z270e_gaming_firmware -
asus rog_strix_h270i_gaming_firmware -
asus prime_h270-plus_firmware -
asus h110-plus_firmware -
asus rog_maximus_viii_hero_alpha_firmware -
asus h110m-cs/br_firmware -
asus rog_strix_b250f_gaming_firmware -
asus sabertooth_z170_s_firmware -
asus z170-pro_firmware -
asus prime_z370-p_firmware -
asus h110m-plus_firmware -
asus b150m_pro_gaming_firmware -
asus prime_b250-pro_firmware -
asus tuf_z270_mark_2_firmware -
asus pio-b250i_firmware -
asus ex-b150m-v_firmware -
asus tuf_z370-plus_gaming_firmware -
intel manageability_engine_firmware 11.10
asus b150m-plus_firmware -
siemens sinumerik_pcu50.5-p_firmware *
siemens sinumerik_pcu50.5-c_firmware *
siemens simatic_ipc647d_firmware *
intel active_management_technology_firmware -
asus rog_maximus_x_apex_firmware -
asus z170i_pro_gaming_firmware -
asus pio-b150m_firmware -
asus h110t_firmware -
asus h110m-ks_firmware -
asus ex-h110m-v_firmware -
asus z170-deluxe_firmware -
asus rog_maximus_x_hero_firmware -
siemens simatic_ipc627d_firmware *
asus b150m-c/br_firmware -
asus prime_h110m2_firmware -
asus q170m2_firmware -
asus prime_q270m-c_firmware -
asus h110m-c/hdmi_firmware -
asus rog_maximus_viii_formula_firmware -
asus b150-pro_firmware -
asus prime_b250m-d_firmware -
siemens simatic_ipc427e_firmware *
siemens simatic_ipc477d_pro_firmware -
asus h110m-c_firmware -
asus rog_maximus_viii_extreme_firmware -
asus h110m-a/m.2_firmware -
siemens simatic_ipc477d_firmware -
asus rog_strix_z370-e_gaming_firmware -
asus z170-ar_firmware -
asus b150m-plus_d3_firmware -
asus h110s1_firmware -
asus prime_z370-a_firmware -
siemens simatic_field_pg_m3_firmware *
siemens simatic_ipc427d_firmware -
siemens simatic_ipc677c_firmware *
asus prime_z270-ar_firmware -
asus h110m-cs_firmware -
asus trooper_h110_d3_firmware -
asus prime_b250m-plus_firmware -
asus prime_h270m-plus_firmware -
asus h110m-ks_r1_firmware -
siemens simatic_ipc827d_firmware *
asus h110m-a/dp_firmware -
siemens simatic_ipc827c_firmware *
asus z170_pro_gaming_firmware -
asus prime_h270-pro_firmware -
asus rog_maximus_viii_impact_firmware -
asus b150m-c_firmware -
asus h110m-d/exper/si_firmware -
asus h110t-a_firmware -
asus b150-a_firmware -
siemens simatic_itp1000_firmware *
asus rog_maximus_x_code_firmware -
asus rog_strix_z370-g_gaming_firmware -
asus h110m-a_d3_firmware -
siemens simatic_ipc847d_firmware *
asus prime_h110m-p_firmware -
asus h170m-plus_firmware -
asus rog_maximus_ix_hero_firmware -
asus prime_b250m-k_firmware -
asus b250-mr_firmware -
intel manageability_engine_firmware 11.20
asus prime_b250-plus_firmware -
asus prime_h110m2/fpt_firmware -
asus ex-b150-v7_firmware -
asus b150i_pro_gaming/aura_firmware -
asus rog_maximus_viii_hero_firmware -
asus h170_pro_gaming_firmware -
siemens simatic_ipc647c_firmware *
asus h110m-k_x_firmware -
siemens simatic_ipc547d_firmware *
intel manageability_engine_firmware *
asus h170-pro_firmware -
asus b150m-k_firmware -
asus rog_strix_z270f_gaming_firmware -
asus h170m-plus/br_firmware -
asus prime_z270-p_firmware -
asus b250-s_firmware -
asus rog_strix_h270f_gaming_firmware -
asus q170m-cm-b_firmware -
asus b150m-c_d3_firmware -
siemens simatic_field_pg_m4_firmware *
asus b150_pro_gaming/aura_firmware -
asus b250_mining_expert_firmware -
asus b150m-a_d3_firmware -
asus b150m-a/m.2_firmware -
asus h110m-k_d3_firmware -
asus h110m-p/dvi_firmware -
asus ex-b150m-v5_firmware -
asus h110m-e/m.2_firmware -
asus prime_b250m-a_firmware -
asus b150m-a_firmware -
asus b150m-k_d3_firmware -
asus h110m-a_firmware -
asus rog_strix_z270h_gaming/k1_firmware -
asus rog_maximus_x_formula_firmware -
siemens simotion_p320-4s_firmware *
siemens simatic_ipc627c_firmware *
asus b150_pro_gaming_d3_firmware -
asus rog_maximus_viii_ranger_firmware -
asus z170-premium_firmware -
asus rog_strix_b250h_gaming_firmware -
asus h110m-f_firmware -
asus rog_maximus_ix_extreme_firmware -
asus b150m-v_plus_firmware -
asus rog_maximus_viii_gene_firmware -
asus trooper_b150_d3_firmware -
asus rog_strix_b250i_gaming_firmware -
asus h110s2_firmware -
asus prime_b250m-plus/br_firmware -
asus z170-p_firmware -
asus ex-b250-v7_firmware -
asus z170-k_firmware -
asus tuf_z370-pro_gaming_firmware -
asus ex-b150m-v3_firmware -
intel manageability_engine_firmware 11.6
asus rog_maximus_ix_formula_firmware -
asus h110m-c/br_firmware -
asus h110m-ts_firmware -
asus h170-plus_d3_firmware -
asus z170m-plus_firmware -
asus z170_pro_gaming/aura_firmware -
siemens simatic_ipc477e_firmware *
asus sabertooth_z170_mark_1_firmware -
asus h110m-e_firmware -
asus h110m-c2/tf_firmware -
asus h170i-pro_firmware -
asus rog_maximus_ix_apex_firmware -
asus q170m-c_firmware -
siemens simatic_ipc547e_firmware *
asus h110m-c2_firmware -
asus rog_strix_z270h_gaming_firmware -
asus z170-a_firmware -
asus ex-h110m-v3_firmware -
asus rog_strix_z270i_gaming_firmware -
asus b250m-c_pro_firmware -
asus q170s1_firmware -
intel manageability_engine_firmware 11.5
asus prime_b250m-c_firmware -
asus rog_maximus_ix_code_firmware -
siemens simatic_ipc677d_firmware *
asus prime_z270-a_firmware -
asus z170-e_firmware -
siemens simatic_ipc847c_firmware *
asus q170t_firmware -
asus b150m-d_firmware -
asus prime_z270m-plus/br_firmware -
asus rog_strix_z270g_gaming_firmware -
siemens simatic_field_pg_m5_firmware *
intel manageability_engine_firmware 11.0
asus rog_strix_b250g_gaming_firmware -
asus h110m-d_firmware -
asus prime_j3355i-c_firmware -
asus tuf_z270_mark_1_firmware -
asus rog_strix_z370-i_gaming_firmware -
asus prime_z270m-plus_firmware -
asus b150i_pro_gaming/wifi/aura_firmware -
asus ex-b250m-v3_firmware -
asus b150m-f_plus_firmware -
asus rog_strix_z370-h_gaming_firmware -
asus b150_pro_gaming_firmware -
asus prime_b250m-j_firmware -
asus ex-b250m-v_firmware -
asus prime_b250-a_firmware -
asus q170m2/cdm/si_firmware -
CVE-2017-5891 MEDIUM

ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
asus rt-ac1750_firmware 3.0.0.4.380.7266
CVE-2017-5892 MEDIUM

ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
asus rt-ac1750_firmware 3.0.0.4.380.7266
CVE-2017-6547 MEDIUM

Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488 allows remote attackers to inject arbitrary JavaScript by requesting filenames longer than 50 characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus rt-ac53_firmware 3.0.0.4.380.6038
CVE-2017-6548 HIGH

Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
asus rt-ac53_firmware 3.0.0.4.380.6038
CVE-2017-6549 HIGH

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
asus rt-ac53_firmware 3.0.0.4.380.6038
CVE-2017-8877 MEDIUM

ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
asus rt-ac1750_firmware 3.0.0.4.380.7266
CVE-2017-8878 MEDIUM

ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
asus rt-ac1750_firmware 3.0.0.4.380.7266
CVE-2018-0581 MEDIUM

Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus rt-ac87u_firmware *
CVE-2018-0582 MEDIUM

Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus rt-ac68u_firmware *
CVE-2018-0583 MEDIUM

Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus rt-ac1200hp_firmware *
CVE-2018-0647 MEDIUM

Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
asus wl-330nul_firmware *
CVE-2018-11491 HIGH

ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
asus hg100_firmware *
CVE-2018-11492 HIGH

ASUS HG100 devices allow denial of service via an IPv4 packet flood.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus hg100_firmware -
CVE-2018-14710 MEDIUM

Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus rt-ac3200_firmware 3.0.0.4.382.50010
CVE-2018-14711 MEDIUM

Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
asus rt-ac3200_firmware 3.0.0.4.382.50010
CVE-2018-14712 MEDIUM

Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
asus rt-ac3200_firmware 3.0.0.4.382.50010
CVE-2018-14713 MEDIUM

Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-134,

Products Affected

Vendor Product Version
asus rt-ac3200_firmware 3.0.0.4.382.50010
CVE-2018-14714 HIGH

System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus rt-ac3200_firmware 3.0.0.4.382.50010
CVE-2018-14979 LOW

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode=1570000275, versionName=7.0.0.55_170515). This app contains an exported service app component named com.asus.loguploader.LogUploaderService that, when accessed with a particular action string, will write a bugreport (kernel log, logcat log, and the state of system services including the text of active notifications), Wi-Fi Passwords, and other system data to external storage (sdcard). Any app with the READ_EXTERNAL_STORAGE permission on this device can read this data from the sdcard after it has been dumped there by the com.asus.loguploader. Third-party apps are not allowed to directly create a bugreport or access the user's stored wireless network credentials.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
asus zenfone_3_max_firmware 7.0.0.55
CVE-2018-14980 LOW

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by ASUS or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage (i.e., sdcard). The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device.

CVSS 2.0

Severity: LOW

Problem Type: CWE-732,

Products Affected

Vendor Product Version
asus zenfone_3_max_firmware -
CVE-2018-14992 LOW

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm (versionCode=1510500200, versionName=1.5.0.40_171122) has an exposed interface in an exported service named com.asus.dm.installer.DMInstallerService that allows any app co-located on the device to use its capabilities to download an arbitrary app over the internet and install it. Any app on the device can send an intent with specific embedded data that will cause the com.asus.dm app to programmatically download and install the app. For the app to be downloaded and installed, certain data needs to be provided: download URL, package name, version name from the app's AndroidManifest.xml file, and the MD5 hash of the app. Moreover, any app that is installed using this method can also be programmatically uninstalled using the same unprotected component named com.asus.dm.installer.DMInstallerService.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_3_max_firmware 1.5.0.40
CVE-2018-14993 HIGH

The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZW_ASUS_A009/ASUS_A009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys both contain a pre-installed platform app with a package name of com.asus.splendidcommandagent (versionCode=1510200090, versionName=1.2.0.18_160928) that contains an exported service named com.asus.splendidcommandagent.SplendidCommandAgentService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_v_live_firmware -
asus zenfone_3_max_firmware -
CVE-2018-15887 MEDIUM

Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
asus dsl-n12e_c1_firmware 1.1.2.3_345
CVE-2018-17020 HIGH

ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a single "GET / HTTP/1.1\r\n" line.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus gt-ac5300_firmware *
CVE-2018-17021 MEDIUM

Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus gt-ac5300_firmware *
CVE-2018-17022 HIGH

Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list("Storage_x_SharedPath") request, because ej_select_list in router/httpd/web.c uses strcpy.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
asus gt-ac5300_firmware *
CVE-2018-17023 MEDIUM

Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
asus gt-ac5300_firmware *
CVE-2018-17127 HIGH

blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
asus gt-ac5300_firmware *
CVE-2018-18287 MEDIUM

On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
asus rt-ac58u_firmware 3.0.0.4.380.6516
CVE-2018-18291 MEDIUM

A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus rt-ac58u_firmware 3.0.0.4.380.6516
CVE-2018-18535 HIGH

The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus aura_sync_firmware 1.07.22
CVE-2018-18536 HIGH

The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus aura_sync_firmware 1.07.22
CVE-2018-18537 LOW

The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus aura_sync_firmware 1.07.22
CVE-2018-20333 MEDIUM

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
asus asuswrt 3.0.0.4.384.20308
CVE-2018-20334 HIGH

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
asus asuswrt 3.0.0.4.384.20308
CVE-2018-20335 HIGH

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
asus asuswrt 3.0.0.4.384.20308
CVE-2018-20336 MEDIUM

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
asus asuswrt-merlin 3.0.0.4.384.20308
CVE-2018-5999 HIGH

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus asuswrt *
CVE-2018-6000 HIGH

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,

Products Affected

Vendor Product Version
asus asuswrt *
CVE-2018-8826 HIGH

ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
asus rt-ac52u_b1_firmware 3.0.0.4.380.10446
asus rt-ac86u_firmware 3.0.0.4.384.20648
asus rt-ac58u_firmware 3.0.0.4.380.8228
asus rt-n12_d1_firmware 3.0.0.4.380.8228
asus rt-ac1200_firmware 3.0.0.4.380.10446
asus rt-ac51u_firmware 3.0.0.4.380.8228
asus rt-acrh13_firmware 3.0.0.4.380.8228
asus rt-ac1750_firmware 3.0.0.4.380.8228
asus rt-ac66u_firmware 3.0.0.4.380.8228
asus rt-ac2900_firmware 3.0.0.4.384.20648
asus rt-ac55uhp_firmware 3.0.0.4.382.50276
asus rt-ac55u_firmware 3.0.0.4.382.50276
asus rt-n600_firmware 3.0.0.4.380.10446
CVE-2018-8877 MEDIUM

Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
asuswrt-merlin asuswrt-merlin *
asus asus_firmware *
CVE-2018-8878 MEDIUM

Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
asuswrt-merlin asuswrt-merlin *
asus asus_firmware *
CVE-2018-8879 HIGH

Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
asus rt-ac66u_firmware *
CVE-2018-9285 HIGH

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
asus rt-ac5300_firmware *
asus rt-ac68u_firmware *
asus rt-ac1900_firmware *
asus rt-ac87u_firmware *
asus rt-ac66u_firmware *
asus rt-ac2900_firmware *
asus rt-ac3100_firmware *
asus rt-n18u_firmware *
asus rt-ac88u_firmware *
asus rt-ac3200_firmware *
asus rt-ac86u_firmware *
CVE-2019-10709 HIGH

AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
asus precision_touchpad 11.0.0.25
CVE-2019-11060 HIGH

The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. CVSS 3.0 Base score 7.4 (Availability impacts). CVSS vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-770,

Products Affected

Vendor Product Version
asus hg100_firmware *
CVE-2019-11061 MEDIUM

A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
asus hg100_firmware *
CVE-2019-11063 HIGH

A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
asus smarthome *
CVE-2019-15391 LOW

The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_1:8.1.0/OPM1.171019.011/15.0400.1809.405-0:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_4_selfie_firmware -
CVE-2019-15392 LOW

The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_4_selfie_firmware -
CVE-2019-15393 LOW

The Asus ZenFone Live Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-610,

Products Affected

Vendor Product Version
asus zenfone_live_(l1)_firmware -
CVE-2019-15394 HIGH

The Asus ZenFone 5 Selfie Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-610,

Products Affected

Vendor Product Version
asus zenfone_5_selfie_firmware -
CVE-2019-15395 HIGH

The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_3s_max_firmware -
CVE-2019-15396 HIGH

The Asus ZenFone 3 Android device with a build fingerprint of asus/WW_Phone/ASUS_Z012D:7.0/NRD90M/14.2020.1708.56-20170719:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_3_firmware -
CVE-2019-15397 HIGH

The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1803.373-20180308:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_max_4_firmware -
CVE-2019-15398 HIGH

The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_user_11.40.208.77_20170922:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_4_selfie_firmware -
CVE-2019-15399 HIGH

The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_5q_firmware -
CVE-2019-15400 HIGH

The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_3_ultra_firmware -
CVE-2019-15401 HIGH

The Asus ASUS_A002 Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_ar_firmware -
CVE-2019-15402 HIGH

The Asus ASUS_A002_2 Android device with a build fingerprint of asus/WW_ASUS_A002_2/ASUS_A002_2:7.0/NRD90M/14.1610.1802.18-20180321:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_ar_firmware -
CVE-2019-15403 HIGH

The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_3s_max_firmware -
CVE-2019-15404 HIGH

The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_4_max_firmware -
CVE-2019-15405 HIGH

The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-610,

Products Affected

Vendor Product Version
asus pegasus_4_max_firmware -
asus pegasus_4a_firmware -
CVE-2019-15406 HIGH

The Asus ASUS_X00LD_3 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00LD_3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_4_selfie_firmware -
CVE-2019-15407 HIGH

The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_4_max_firmware -
CVE-2019-15408 HIGH

The Asus ZenFone 5 Lite Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_5_lite_firmware -
CVE-2019-15409 HIGH

The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_5q_firmware -
CVE-2019-15410 HIGH

The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_5q_firmware -
CVE-2019-15411 HIGH

The Asus ZenFone 3 Laser Android device with a build fingerprint of asus/WW_msm8937/msm8937:7.1.1/NMF26F/WW_32.40.106.114_20180928:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_3_laser_firmware -
CVE-2019-15412 MEDIUM

The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_71.50.395.57_20180913:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_4_selfie_firmware -
CVE-2019-15413 HIGH

The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_3_ultra_firmware -
CVE-2019-15414 HIGH

The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus zenfone_ar_firmware -
CVE-2019-15418 HIGH

The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-610,

Products Affected

Vendor Product Version
asus pegasus_4_max_firmware -
asus pegasus_4a_firmware -
CVE-2019-15419 HIGH

The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-610,

Products Affected

Vendor Product Version
asus x105d_firmware -
CVE-2019-15910 MEDIUM

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
asus dl-101_firmware -
asus mw100_firmware -
asus ms-101_firmware -
asus as-101_firmware -
asus ts-101_firmware -
asus hg100_firmware -
asus ws-101_firmware -
CVE-2019-15911 HIGH

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart home devices, and tamper with messages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-319,

Products Affected

Vendor Product Version
asus dl-101_firmware -
asus mw100_firmware -
asus ms-101_firmware -
asus as-101_firmware -
asus ts-101_firmware -
asus hg100_firmware -
asus ws-101_firmware -
CVE-2019-15912 MEDIUM

An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
asus dl-101_firmware -
asus mw100_firmware -
asus ms-101_firmware -
asus as-101_firmware -
asus ts-101_firmware -
asus hg100_firmware -
asus ws-101_firmware -
CVE-2019-17603 HIGH

Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
asus aura_sync *
CVE-2019-18216 HIGH

The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop access can exhaust the main battery to reset the BIOS configuration, and then achieve direct access to the hard drive by booting a live USB OS without disassembling the laptop. NOTE: the vendor has apparently indicated that this is "normal" and use of the same battery for the BIOS and the overall system is a "new design." However, the vendor apparently plans to "improve" this an unspecified later time

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus rog_zephyrus_m_gm501gs_firmware -
CVE-2019-19235 MEDIUM

AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
asus atk_package *
CVE-2019-20082 HIGH

ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
asus rt-n53_firmware 3.0.0.4.376.3754
CVE-2020-10649 HIGH

DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,

Products Affected

Vendor Product Version
asus device_activation *
CVE-2020-12695 HIGH

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H 2.2 4.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
cisco wap351 -
hp envy_5548_k7g87a -
hp deskjet_ink_advantage_4538_f0v66b -
hp envy_4520_e6g67a -
hp hp_deskjet_ink_advantage_4535_f0v64b -
hp deskjet_ink_advantage_5575_g0v48c -
hp envy_photo_7830_y0g50b -
hp hp_deskjet_ink_advantage_4678_f1h99b -
hp envy_4512_k9h49a -
hp envy_5535 -
hp hp_officejet_4650_f1h96a -
hp envy_4500_a9t89a -
hp envy_4501_c8d05a -
hp hp_envy_4520_f0v63b -
broadcom adsl -
hp envy_6540_b9s59a -
canon selphy_cp1200 -
hp envy_100_cn517b -
huawei hg532e -
hp envy_5544_k7c89a -
epson xp-320 -
hp hp_envy_4520_f0v63a -
hp envy_pro_6420_5se45b -
hp envy_5540_g0v53a -
hp envy_5000_m2u91a *
zyxel vmg8324-b10a -
hp envy_5020_m2u91b -
hp deskjet_ink_advantage_4675_f1h97a -
epson xp-2101 -
hp envy_photo_6200_y0k13d_ -
hp envy_photo_7100_z3m37a -
hp envy_6055_5se16a -
hp hp_envy_4516_k9h52a -
hp deskjet_ink_advantage_4675_f1h97b -
hp envy_photo_7800_y0g42d -
hp envy_photo_7100_3xd89a -
hp envy_photo_7120_z3m41d -
hp envy_photo_7164_k7g99a -
hp envy_7645_e4w44a -
epson xp-8500 -
hp officejet_4654_f1j06b -
hp envy_5532 -
epson xp-970 -
hp hp_officejet_4656_k9v81b -
epson xp-8600 -
hp envy_5640_b9s56a -
hp officejet_4655_k9v82b -
hp 5030_m2u92b -
hp envy_5540_g0v47a -
hp envy_100_cn517c -
hp 5020_z4a69a -
hp deskjet_ink_advantage_4678_f1h99b -
hp envy_110_cq809b -
hp envy_4511_k9h50a -
hp envy_5000_m2u91a -
epson xp-702 -
hp envy_5000_m2u85b -
hp envy_5534 -
hp envy_6020_5se16b -
cisco wap150 -
hp envy_4504_a9t88b -
hp hp_deskjet_ink_advantage_4676_f1h98a -
hp envy_photo_6230_k7g25b -
hp envy_6020_6wd35a -
hp hp_officejet_4652_f1j02a -
zyxel amg1202-t10b -
hp envy_5539 -
hp envy_4521_k9t10b -
hp envy_114_cq811b -
hp envy_5540_g0v51a -
ui unifi_controller -
hp envy_5541_k7g89a -
hp envy_4525_k9t09b -
hp envy_photo_7822_y0g43d -
epson xp-620 -
epson ew-m970a3t -
hp envy_pro_6420_6wd14a -
hp hp_officejet_4655_k9v82b -
hp envy_4504_c8d04a -
hp hp_officejet_4654_f1j07b -
hp hp_officejet_4655_f1j00a -
hp envy_pro_6455_5se45a -
hp 5030_z4a70a -
hp envy_4508_e6g72b -
hp hp_envy_4527_j6u61b -
hp envy_100_cn518a -
hp deskjet_ink_advantage_3545_a9t81c -
canonical ubuntu_linux 20.04
hp envy_photo_6232_k7g26b -
hp envy_5544_k7c93a -
hp envy_120_cz022a -
epson xp-4105 -
microsoft windows_10 -
hp officejet_4657_v6d29b -
hp hp_envy_4512_k9h49a -
dlink dvg-n5412sp -
hp envy_5545_g0v50a -
epson xp-2105 -
hp envy_5540_k7c85a -
hp deskjet_ink_advantage_4675_f1h97c -
hp hp_deskjet_ink_advantage_4538_f0v66b -
hp hp_officejet_4650_f1h96b -
hp envy_photo_7100_k7g93a -
hp envy_5540_g0v52a -
hp envy_5546_k7c90a -
hp hp_deskjet_ink_advantage_4675_f1h97a -
epson xp-100 -
hp envy_5000_m2u85a -
hp envy_4503_e6g71b -
epson xp-330 -
hp envy_7644_e4w46a -
hp deskjet_ink_advantage_5575_g0v48b -
hp envy_4500_a9t80a -
hp hp_envy_4520_f0v69a -
hp officejet_4654_f1j07b -
ruckussecurity zonedirector_1200 -
hp envy_100_cn519a -
hp envy_photo_7800_k7r96a -
hp hp_envy_4523_j6u60b -
fedoraproject fedora 32
epson xp-241 -
hp envy_110_cq809d -
cisco wap131 -
hp envy_4500_d3p93a -
hp envy_4523_j6u60b -
hp deskjet_ink_advantage_4535_f0v64b -
hp envy_6020_5se17a -
hp officejet_4652_k9v84b -
hp envy_pro_6452_5se47a -
hp hp_envy_4522_f0v67a -
hp envy_5664_f8b08a -
hp hp_envy_4520_e6g67b -
hp deskjet_ink_advantage_4535_f0v64c -
hp deskjet_ink_advantage_4536_f0v65a -
hp envy_photo_6200_k7s21b -
hp envy_4524_f0v72b -
hp envy_4528_k9t08b -
hp envy_5000_z4a54a -
hp hp_envy_4526_k9t05b -
hp officejet_4655_f1j00a -
hp envy_4520_f0v69a -
hp envy_photo_7800_k7s10d -
hp hp_officejet_4658_v6d30b -
hp envy_4526_k9t05b -
hp hp_envy_4524_f0v71b -
hp envy_4502_a9t87b -
hp envy_5543_n9u88a -
tp-link archer_c50 -
hp envy_5530 -
hp envy_5542_k7c88a -
hp envy_photo_7800_k7s00a -
hp hp_deskjet_ink_advantage_4675_f1h97c -
epson xp-630 -
hp deskjet_ink_advantage_4518 -
hp deskjet_ink_advantage_4676_f1h98a -
hp envy_5643_b9s63a -
asus rt-n11 -
hp hp_officejet_4657_v6d29b -
epson ep-101 -
hp envy_4507_e6g70b -
hp envy_6020_7cz37a -
hp envy_4527_j6u61b -
hp hp_officejet_4652_k9v84b -
hp deskjet_ink_advantage_3545_a9t81a -
hp envy_4500_a9t80b -
hp envy_120_cz022c -
hp envy_photo_7155_z3m52a -
hp envy_photo_7822_y0g42d -
nec wr8165n -
hp envy_photo_6200_y0k15a -
hp envy_114_cq811a -
hp envy_5640_b9s58a -
hp envy_6052_5se18a -
hp envy_photo_6200_k7g18a -
hp envy_photo_6220_k7g21b -
hp hp_officejet_4652_f1j05b -
hp envy_110_cq809a -
hp hp_officejet_4650_e6g87a -
hp envy_4505_a9t86a -
dell b1165nfw -
hp envy_4509_d3p94a -
hp hp_officejet_4654_f1j06b -
netgear wnhde111 -
epson xp-960 -
fedoraproject fedora 31
hp deskjet_ink_advantage_3456_a9t84c -
hp envy_photo_6200_k7g26b -
hp hp_envy_4513_k9h51a -
epson xp-340 -
hp officejet_4658_v6d30b -
w1.fi hostapd *
hp hp_envy_4524_k9t01a -
hp officejet_4655_k9v79a -
hp envy_photo_6252_k7g22a -
hp envy_4502_a9t85a -
hp envy_5000_m2u94b -
hp envy_photo_6222_y0k14d -
hp hp_envy_4520_e6g67a -
hp hp_envy_4525_k9t09b -
hp hp_envy_4528_k9t08b -
hp hp_officejet_4655_k9v79a -
hp deskjet_ink_advantage_3546_a9t82a -
hp envy_4524_f0v71b -
hp envy_pro_6420_6wd16a -
hp envy_4520_f0v63b -
hp deskjet_ink_advantage_4515 -
hp envy_pro_6420_5se46a -
hp envy_4524_k9t01a -
hp envy_5646_f8b05a -
hp hp_deskjet_ink_advantage_4675_f1h97b -
hp envy_4513_k9h51a -
hp envy_7640 -
hp envy_5540_f2e72a -
hp 5660_f8b04a -
zte zxv10_w300 -
hp officejet_4652_f1j02a -
hp envy_110_cq812c -
hp envy_5536 -
hp envy_120_cz022b -
hp envy_4516_k9h52a -
hp envy_photo_6222_y0k13d -
hp envy_114_cq812a -
hp envy_5642_b9s64a -
hp envy_100_cn519b -
hp envy_5547_j6u64a -
hp officejet_4656_k9v81b -
hp hp_envy_4511_k9h50a -
huawei hg255s -
hp envy_4509_d3p94b -
hp envy_photo_7100_k7g99a -
hp envy_photo_7100_z3m52a -
hp deskjet_ink_advantage_3548_a9t81b -
hp hp_envy_4524_f0v72b -
hp envy_5531 -
hp hp_deskjet_ink_advantage_4535_f0v64a -
hp envy_110_cq809c -
epson m571t -
hp envy_photo_6220_k7g20d -
hp envy_photo_7800_y0g52b -
hp envy_100_cn517a -
hp envy_5000_z4a74a -
debian debian_linux 9.0
hp hp_deskjet_ink_advantage_4535_f0v64c -
hp envy_5665_f8b06a -
hp envy_4520_f0v63a -
hp envy_111_cq810a -
hp envy_4522_f0v67a -
hp officejet_4652_f1j05b -
hp 5034_z4a74a -
hp envy_5644_b9s65a -
hp officejet_4650_f1h96a -
epson xp-440 -
hp officejet_4650_f1h96b -
hp deskjet_ink_advantage_4535_f0v64a -
hp envy_4520_e6g67b -
debian debian_linux 10.0
microsoft xbox_one 10.0.19041.2494
hp officejet_4650_e6g87a -
hp envy_photo_6234_k7s21b -
hp hp_deskjet_ink_advantage_4536_f0v65a -
hp hp_envy_4521_k9t10b -
epson xp-4100 -
hp deskjet_ink_advantage_3545_a9t83b -
CVE-2020-15009 MEDIUM

AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
asus screenpad2_upgrade_tool 1.0.3
CVE-2020-15498 MEDIUM

An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
asus rt-ac1900p_firmware *
CVE-2020-15499 MEDIUM

An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus rt-ac1900p_firmware *
CVE-2020-23648

Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
asus rt-n12e_firmware 2.0.0.39
CVE-2020-29655 MEDIUM

An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing Main_Login.asp?flag=1&productname=FOOBAR&url=/downloadmaster/task.asp will redirect to the login site, which will show the value of the parameter productname within the title. An attacker might be able to influence the appearance of the login page, aka text injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
asus rt-ac88u_firmware *
CVE-2020-29656 MEDIUM

An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. A direct access to /downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language makes it possible to reach "unknown functionality" in a "known to be easy" manner via an unspecified "public exploit."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-425,

Products Affected

Vendor Product Version
asus rt-ac88u_firmware *
CVE-2020-35219 HIGH

The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
asus dsl-n17u_firmware 1.1.0.2
CVE-2020-36109 HIGH

ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
asus rt-ax86u_firmware *
CVE-2020-7997 MEDIUM

ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus rt-ac66u_firmware 3.0.0.4.372_67
CVE-2021-26943 HIGH

The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus ux360ca_bios *
CVE-2021-27403 MEDIUM

Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus askey_rtf8115vw_firmware br_sv_g11.11_rtf_tef001_v6.54_v014
CVE-2021-27404 MEDIUM

Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
asus askey_rtf8115vw_firmware br_sv_g11.11_rtf_tef001_v6.54_v014
CVE-2021-28175 MEDIUM

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28176 MEDIUM

The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28177 MEDIUM

The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28178 MEDIUM

The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28179 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28180 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28181 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28182 MEDIUM

The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28183 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28184 MEDIUM

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28185 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28186 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28187 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28188 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28189 MEDIUM

The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28190 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28191 MEDIUM

The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28192 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28193 MEDIUM

The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28194 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28195 MEDIUM

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28196 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28197 MEDIUM

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28198 MEDIUM

The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28199 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28200 MEDIUM

The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28201 MEDIUM

The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28202 MEDIUM

The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28203 MEDIUM

The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28204 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
twcert@cert.org.tw 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28205 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
asus z10pe-d16_ws_firmware 1.14.2
asus z10pr-d16_firmware 1.14.51
asus asmb8-ikvm_firmware 1.14.51
CVE-2021-28206 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28207 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28208 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28209 MEDIUM

The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
twcert@cert.org.tw 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
asus esc8000_g4_firmware 1.15.4
asus rs300-e10-rs4_firmware 1.13.6
asus rs500-e9-rs4-u_firmware 1.15.4
asus rs500a-e9-ps4_firmware 1.14.1
asus rs720-e9-rs12-e_firmware 1.15.2
asus z11pa-d8_firmware 1.14.1
asus rs500a-e10-ps4_firmware 1.15.2
asus rs700a-e9-rs4_firmware 1.10.0
asus rs300-e10-ps4_firmware 1.13.6
asus ws_x299_pro/se_firmware 1.14.1
asus rs720a-e9-rs24v2_firmware 1.15.1
asus asmb9-ikvm_firmware 1.11.12
asus rs720q-e9-rs8_firmware 1.15.0
asus pro_e800_g4_firmware 1.14.2
asus ws_c621e_sage_firmware 1.15.1
asus rs520-e9-rs8_firmware 1.15.3
asus rs500a-e9-rs4_firmware 1.14.1
asus z11pa-u12/10g-2s_firmware 1.15.1
asus z11pr-d16_firmware 1.15.3
asus rs520-e9-rs12-e_firmware 1.15.3
asus rs720q-e9-rs8-s_firmware 1.15.0
asus z11pa-d8c_firmware 1.14.1
asus rs720a-e9-rs24-e_firmware 1.10.3
asus rs720q-e9-rs24-s_firmware 1.15.0
asus rs500-e9-ps4_firmware 1.15.4
asus esc4000_dhd_g4_firmware 1.13.7
asus esc4000_g4_firmware 1.15.2
asus ws_c422_pro/se_firmware 1.14.1
asus rs700-e9-rs12_firmware 1.11.5
asus rs720-e9-rs24-u_firmware 1.14.3
asus rs720-e9-rs8-g_firmware 1.15.2
asus esc4000_g4x_firmware 1.11.6
asus rs700a-e9-rs12v2_firmware 1.15.1
asus esc8000_g4/10g_firmware 1.15.4
asus e700_g4_firmware 1.14.1
asus rs100-e10-pi2_firmware 1.13.6
asus rs700-e9-rs4_firmware 1.09
asus z11pa-u12_firmware 1.15.1
asus knpa-u16_firmware 1.13.4
asus rs720a-e9-rs12v2_firmware 1.15.2
asus rs500a-e9_rs4_u_firmware 1.14.1
asus rs500a-e10-rs4_firmware 1.15.2
asus rs700a-e9-rs4v2_firmware 1.15.1
asus rs500-e9-rs4_firmware 1.15.4
CVE-2021-28685 HIGH

AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to interact directly with physical memory (by calling one of several driver routines that map physical memory into the virtual address space of the calling process) and to interact with MSR registers. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
asus gputweak_ii *
CVE-2021-28686 LOW

AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. This could enable low-privileged users to achieve Denial of Service via a DeviceIoControl.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-787,

Products Affected

Vendor Product Version
asus gputweak_ii *
CVE-2021-3128 MEDIUM

In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-834,

Products Affected

Vendor Product Version
asus rt-ax86u_firmware *
asus rt-ac58u_firmware *
asus rt-ac5300_firmware *
asus rt-ax58u_firmware *
asus rt-ac68u_firmware *
asus rt-ac66u_b1_firmware *
asus rt-ac2900_firmware *
asus rt-ac88u_firmware *
asus rt-ac68r_firmware *
asus rt-ac68rw_firmware *
asus rt-ax68u_firmware *
asus rt-ax56u_firmware *
asus rt-ac1900p_firmware *
asus rt-ac1900_firmware *
asus rt-ac1900u_firmware *
asus rt-ax82u_firmware *
asus rt-ac85u_firmware *
asus rt-ac3100_firmware *
asus rt-ac86u_firmware *
asus rt-ac68p_firmware *
asus rt-ax88u_firmware *
asus rt-ac1750_b1_firmware *
asus rt-ac65u_firmware *
asus rt-ax55_firmware *
asus rt-ax3000_firmware *
asus zenwifi_ax_(xt8)_firmware *
asus rt-ac68w_firmware *
CVE-2021-3166 MEDIUM

An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary file content as a firmware update when the filename Settings_DSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update, resulting in a persistent outage of those services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
asus dsl-n14u_b1_firmware 1.1.2.3_805
CVE-2021-32030 HIGH

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_384_46630 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator interface. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations. Note: All versions of Lyra Mini and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability, Consumers can mitigate this vulnerability by disabling the remote access features from WAN.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
asus gt-ac2900_firmware *
asus lyra_mini_firmware *
CVE-2021-3229 HIGH

Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus rt-ax3000_firmware *
CVE-2021-3254 HIGH

Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus dsl-n14u-b1_firmware 1.1.2.3_805
CVE-2021-37315

Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
asus rt-ac68u_firmware *
CVE-2021-37316

SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow.

Products Affected

Vendor Product Version
asus rt-ac68u_firmware *
CVE-2021-37317

Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
asus rt-ac68u_firmware *
CVE-2021-37910 MEDIUM

ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-799,

Products Affected

Vendor Product Version
asus gt-axe11000_firmware *
asus rt-ax58u_firmware *
asus rt-ax55_firmware *
asus rt-ax3000_firmware *
asus tuf-ax3000_firmware *
CVE-2021-40556

A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
asus rt-ax56u_firmware 3.0.0.4.386.44266
CVE-2021-40981 MEDIUM

ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
asus armoury_crate_lite_service *
CVE-2021-41289 LOW

ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
twcert@cert.org.tw 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 1.0 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,CWE-119,

Products Affected

Vendor Product Version
asus p453uj_bios 311
CVE-2021-41435 HIGH

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-307,

Products Affected

Vendor Product Version
asus rt-ax86u_firmware *
asus tuf-ax5400_firmware *
asus rt-ax88u_firmware *
asus rt-ax58u_firmware *
asus zenwifi_xd6_firmware *
asus rt-ax55_firmware *
asus rt-ax82u_gundam_edition_firmware *
asus rt-ax92u_firmware *
asus rt-ax3000_firmware *
asus rt-ax86s_firmware *
asus zenwifi_ax_(xt8)_firmware *
asus gt-ax11000_firmware *
asus rt-ax68u_firmware *
asus rt-ax56u_firmware *
asus rt-ax56u_v2_firmware *
asus rt-ax86u_zaku_ii_edition_firmware *
asus rt-ax82u_firmware *
asus tuf_gaming_ax3000_firmware *
CVE-2021-41436 HIGH

An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-444,

Products Affected

Vendor Product Version
asus rt-ax86u_firmware *
asus tuf-ax5400_firmware *
asus rt-ax88u_firmware *
asus rt-ax58u_firmware *
asus zenwifi_xd6_firmware *
asus rt-ax55_firmware *
asus rt-ax82u_gundam_edition_firmware *
asus rt-ax92u_firmware *
asus rt-ax3000_firmware *
asus rt-ax86s_firmware *
asus zenwifi_ax_(xt8)_firmware *
asus gt-ax11000_firmware *
asus rt-ax68u_firmware *
asus rt-ax56u_firmware *
asus rt-ax56u_v2_firmware *
asus rt-ax86u_zaku_ii_edition_firmware *
asus rt-ax82u_firmware *
asus tuf_gaming_ax3000_firmware *
CVE-2021-41437

An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
asus rt-ax88u_firmware *
CVE-2021-42055 MEDIUM

ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
asus ux582lr_firmware *
CVE-2021-43702 LOW

ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus rt-n12d1_firmware 3.0.0.4.386.46061
asus rt-ac85p_firmware 3.0.0.4.386.46061
asus rt-ac56u_firmware 3.0.0.4.386.46061
asus zenwifi_pro_et12_firmware 3.0.0.4.386.46061
asus zenwifi_ac_mini_firmware 3.0.0.4.386.46061
asus rt-ax92u_firmware 3.0.0.4.386.46061
asus rt-ac1900_firmware 3.0.0.4.386.46061
asus rog_rapture_gt-ac2900_firmware 3.0.0.4.386.46061
asus rt-ax55_firmware 3.0.0.4.386.46061
asus rt-ac1200e_firmware 3.0.0.4.386.46061
asus rt-ac1300uhp_firmware 3.0.0.4.386.46061
asus rt-ac56s_firmware 3.0.0.4.386.46061
asus rt-ac2400_firmware 3.0.0.4.386.46061
asus rt-ac1200g+_firmware 3.0.0.4.386.46061
asus rt-ac87u_firmware 3.0.0.4.386.46061
asus rt-ax82u_firmware 3.0.0.4.386.46061
asus rt-ac55u_firmware 3.0.0.4.386.46061
asus rt-n66w_firmware 3.0.0.4.386.46061
asus rt-ac68r_firmware 3.0.0.4.386.46061
asus rt-ac55uhp_firmware 3.0.0.4.386.46061
asus rt-n19_firmware 3.0.0.4.386.46061
asus rt-n14uhp_firmware 3.0.0.4.386.46061
asus rt-n12e_c1_firmware 3.0.0.4.386.46061
asus zenwifi_xt9_firmware 3.0.0.4.386.46061
asus rt-ac58u_firmware 3.0.0.4.386.46061
asus rt-ax86u_firmware 3.0.0.4.386.46061
asus rt-ac66u+_firmware 3.0.0.4.386.46061
asus zenwifi_ax_firmware 3.0.0.4.386.46061
asus rt-ac1200g_firmware 3.0.0.4.386.46061
asus rt-ac1900p_firmware 3.0.0.4.386.46061
asus zenwifi__pro_xt12_firmware 3.0.0.4.386.46061
asus rt-ax58u_firmware 3.0.0.4.386.46061
asus rt-ac56r_firmware 3.0.0.4.386.46061
asus zenwifi_xd4s_firmware 3.0.0.4.386.46061
asus rt-ac3100_firmware 3.0.0.4.386.46061
asus rt-ac1750_firmware 3.0.0.4.386.46061
asus rog_rapture_gt-ax11000_firmware 3.0.0.4.386.46061
asus rog_rapture_gt-ac5300_firmware 3.0.0.4.386.46061
asus rt-n18u_firmware 3.0.0.4.386.46061
asus rt-ac68u_firmware 3.0.0.4.386.46061
asus rt-ac68uf_firmware 3.0.0.4.386.46061
asus rt-ax3000_firmware 3.0.0.4.386.46061
asus zenwifi_ac_firmware 3.0.0.4.386.46061
asus rt-ac2900_firmware 3.0.0.4.386.46061
asus rt-ac1300g+_firmware 3.0.0.4.386.46061
asus rt-ac3200_firmware 3.0.0.4.386.46061
asus rt-ac66r_firmware 3.0.0.4.386.46061
asus tuf_gaming_ax3000_v2_firmware 3.0.0.4.386.46061
asus rt-ac88u_firmware 3.0.0.4.386.46061
asus 4g-ac53u_firmware 3.0.0.4.386.46061
asus rt-ac2200_firmware 3.0.0.4.386.46061
asus rt-ac51u_firmware 3.0.0.4.386.46061
asus rt-n12vp_b1_firmware 3.0.0.4.386.46061
asus rt-ac66u_firmware 3.0.0.4.386.46061
asus zenwifi_xd6_firmware 3.0.0.4.386.46061
asus rt-ac68p_firmware 3.0.0.4.386.46061
asus tuf_gaming_ax5400_firmware 3.0.0.4.386.46061
asus rt-ac87r_firmware 3.0.0.4.386.46061
asus rt-n12hp_b1_firmware 3.0.0.4.386.46061
asus 4g-ac68u_firmware 3.0.0.4.386.46061
asus rt-ac51u+_firmware 3.0.0.4.386.46061
asus rt-ac86u_firmware 3.0.0.4.386.46061
asus rt-n12e_b1_firmware 3.0.0.4.386.46061
asus rt-ac52u_b1_firmware 3.0.0.4.386.46061
asus rt-n66c1_firmware 3.0.0.4.386.46061
asus rt-ac5300_firmware 3.0.0.4.386.46061
asus rt-n12+_b1_firmware 3.0.0.4.386.46061
asus rt-ac1750_b1__firmware 3.0.0.4.386.46061
asus zenwifi_ax_hybrid_firmware 3.0.0.4.386.46061
asus rt-ac1200hp_firmware 3.0.0.4.386.46061
asus rt-acrh13_firmware 3.0.0.4.386.46061
asus rt-ac66u_b1_firmware 3.0.0.4.386.46061
asus rt-ac68w_firmware 3.0.0.4.386.46061
asus rt-ax88u_firmware 3.0.0.4.386.46061
asus rt-ac2600_firmware 3.0.0.4.386.46061
asus rt-ac85u_firmware 3.0.0.4.386.46061
asus rt-ac65p_firmware 3.0.0.4.386.46061
asus rt-ax56u_firmware 3.0.0.4.386.46061
asus rt-ac1200gu_firmware 3.0.0.4.386.46061
asus rt-n66u_firmware 3.0.0.4.386.46061
asus rt-ac1900u_firmware 3.0.0.4.386.46061
asus zenwifi_ax_mini_firmware 3.0.0.4.386.46061
asus rt-ac1200_firmware 3.0.0.4.386.46061
asus zenwifi_xd5_firmware 3.0.0.4.386.46061
asus rt-acrh17_firmware 3.0.0.4.386.46061
asus rt-n66r_firmware 3.0.0.4.386.46061
asus zenwifi_et8_firmware 3.0.0.4.386.46061
asus rt-ac66w_firmware 3.0.0.4.386.46061
asus rt-ax68u_firmware 3.0.0.4.386.46061
asus rt-ax89x_firmware 3.0.0.4.386.46061
asus rt-ac57u_firmware 3.0.0.4.386.46061
asus rt-ac53_firmware 3.0.0.4.386.46061
asus rt-ac65u_firmware 3.0.0.4.386.46061
CVE-2021-44158 HIGH

ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9
twcert@cert.org.tw 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-1284,

Products Affected

Vendor Product Version
asus rt-ax56u_firmware 3.0.0.4.386.44266
CVE-2021-45756 HIGH

Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
asus rt-ac5300_firmware *
asus rt-ac68u_firmware *
CVE-2021-45757 HIGH

ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
asus rt-ac68u_firmware *
CVE-2021-46109 MEDIUM

Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931 can lead to a user session hijack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus rt-ac52u_b1_firmware 3.0.0.4.380.10931
CVE-2021-46247 MEDIUM

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
asus cmax6000_firmware 1.02.00
CVE-2022-21933 HIGH

ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
twcert@cert.org.tw 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-787,

Products Affected

Vendor Product Version
asus pb61v_firmware *
asus pb60s_firmware *
asus un65u_firmware *
asus pb60v_firmware *
asus pb60g_firmware *
asus pn40_firmware *
asus pn30_firmware *
asus ts10_firmware *
asus pb50_firmware *
asus pb60_firmware *
asus vc65-c1_firmware *
asus pn60_firmware *
asus pa90_firmware *
CVE-2022-22054 LOW

ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
twcert@cert.org.tw 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
asus rt-ax56u_firmware 3.0.0.4.386.44266
CVE-2022-22262 LOW

ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.5 5.2
twcert@cert.org.tw 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.5 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,CWE-59,

Products Affected

Vendor Product Version
asus rog_live_service *
CVE-2022-22814 HIGH

The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
asus myasus *
CVE-2022-23970 MEDIUM

ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.8 5.2
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
asus rt-ax56u_firmware 3.0.0.4.386.45898
CVE-2022-23971 MEDIUM

ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.8 5.2
twcert@cert.org.tw 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
asus rt-ax56u_firmware 3.0.0.4.386.45898
CVE-2022-23972 MEDIUM

ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
asus rt-ax56u_firmware 3.0.0.4.386.45898
CVE-2022-23973 MEDIUM

ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
asus rt-ax56u_firmware 3.0.0.4.386.45898
CVE-2022-25595 MEDIUM

ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
twcert@cert.org.tw 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4.386.45956
CVE-2022-25596 MEDIUM

ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4.386.45956
CVE-2022-25597 MEDIUM

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,NVD-CWE-Other,

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4.386.45956
CVE-2022-26376

A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

Products Affected

Vendor Product Version
asus gt-ax11000_pro_firmware *
asus xt9_firmware *
asus rt-ax86u_firmware *
asus gt-axe16000_firmware *
asus rt-ax58u_firmware *
asus rt-ax55_firmware *
asuswrt-merlin new_gen *
asus xd6_firmware *
asus gt-ax11000_firmware *
asus rt-ax68u_firmware *
asus rt-ax56u_firmware *
asus xt8_firmware *
asus xt12_firmware *
asus et12_firmware *
asus xd4_firmware *
asus rt-ax82u_firmware *
asus tuf-ax3000_v2_firmware *
asus asuswrt *
asus gt-ax6000_firmware *
CVE-2022-26668 MEDIUM

ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5
twcert@cert.org.tw 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,CWE-863,

Products Affected

Vendor Product Version
asus control_center 1.4.2.5
CVE-2022-26669 MEDIUM

ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
asus control_center 1.4.2.5
CVE-2022-26672 HIGH

ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
asus webstorage *
CVE-2022-26673 LOW

ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
asus rt-ax88u_firmware *
CVE-2022-26674 HIGH

ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,CWE-134,

Products Affected

Vendor Product Version
asus rt-ax88u_firmware *
CVE-2022-31874 HIGH

ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
asus rt-n53_firmware 3.0.0.4.376.3754
CVE-2022-32988 LOW

Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) cgi-bin/Advanced_IPTV_Content.asp, (12) cgi-bin/Advanced_IPv6_Content.asp, (13) cgi-bin/Advanced_KeywordFilter_Content.asp, (14) cgi-bin/Advanced_LAN_Content.asp, (15) cgi-bin/Advanced_Modem_Content.asp, (16) cgi-bin/Advanced_PortTrigger_Content.asp, (17) cgi-bin/Advanced_QOSUserPrio_Content.asp, (18) cgi-bin/Advanced_QOSUserRules_Content.asp, (19) cgi-bin/Advanced_SettingBackup_Content.asp, (20) cgi-bin/Advanced_System_Content.asp, (21) cgi-bin/Advanced_URLFilter_Content.asp, (22) cgi-bin/Advanced_VPN_PPTP.asp, (23) cgi-bin/Advanced_VirtualServer_Content.asp, (24) cgi-bin/Advanced_WANPort_Content.asp, (25) cgi-bin/Advanced_WAdvanced_Content.asp, (26) cgi-bin/Advanced_WMode_Content.asp, (27) cgi-bin/Advanced_WWPS_Content.asp, (28) cgi-bin/Advanced_Wireless_Content.asp, (29) cgi-bin/Bandwidth_Limiter.asp, (30) cgi-bin/Guest_network.asp, (31) cgi-bin/Main_AccessLog_Content.asp, (32) cgi-bin/Main_AdslStatus_Content.asp, (33) cgi-bin/Main_Spectrum_Content.asp, (34) cgi-bin/Main_WebHistory_Content.asp, (35) cgi-bin/ParentalControl.asp, (36) cgi-bin/QIS_wizard.asp, (37) cgi-bin/QoS_EZQoS.asp, (38) cgi-bin/aidisk.asp, (39) cgi-bin/aidisk/Aidisk-1.asp, (40) cgi-bin/aidisk/Aidisk-2.asp, (41) cgi-bin/aidisk/Aidisk-3.asp, (42) cgi-bin/aidisk/Aidisk-4.asp, (43) cgi-bin/blocking.asp, (44) cgi-bin/cloud_main.asp, (45) cgi-bin/cloud_router_sync.asp, (46) cgi-bin/cloud_settings.asp, (47) cgi-bin/cloud_sync.asp, (48) cgi-bin/device-map/DSL_dashboard.asp, (49) cgi-bin/device-map/clients.asp, (50) cgi-bin/device-map/disk.asp, (51) cgi-bin/device-map/internet.asp, (52) cgi-bin/error_page.asp, (53) cgi-bin/index.asp, (54) cgi-bin/index2.asp, (55) cgi-bin/qis/QIS_PTM_manual_setting.asp, (56) cgi-bin/qis/QIS_admin_pass.asp, (57) cgi-bin/qis/QIS_annex_setting.asp, (58) cgi-bin/qis/QIS_bridge_cfg_tmp.asp, (59) cgi-bin/qis/QIS_detect.asp, (60) cgi-bin/qis/QIS_finish.asp, (61) cgi-bin/qis/QIS_ipoa_cfg_tmp.asp, (62) cgi-bin/qis/QIS_manual_setting.asp, (63) cgi-bin/qis/QIS_mer_cfg.asp, (64) cgi-bin/qis/QIS_mer_cfg_tmp.asp, (65) cgi-bin/qis/QIS_ppp_cfg.asp, (66) cgi-bin/qis/QIS_ppp_cfg_tmp.asp, (67) cgi-bin/qis/QIS_wireless.asp, (68) cgi-bin/query_wan_status.asp, (69) cgi-bin/query_wan_status2.asp, and (70) cgi-bin/start_apply.asp.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
asus dsl-n14u-b1_firmware 1.1.2.3_805
CVE-2022-35401

An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability.

Products Affected

Vendor Product Version
asus rt-ax82u_firmware 3.0.0.4.386_49674-ge182230
CVE-2022-35899

There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
asus aura_ready_game_software_development_kit 1.0.0.4
CVE-2022-36438

AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
asus system_control_interface *
asus asusswitch *
CVE-2022-36439

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.8 5.2

Products Affected

Vendor Product Version
asus system_control_interface *
asus asusliveupdate *
asus asussoftwaremanger *
CVE-2022-38105

An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.

Products Affected

Vendor Product Version
asus rt-ax82u_firmware 3.0.0.4.386_49674-ge182230
CVE-2022-38393

A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.

Products Affected

Vendor Product Version
asus rt-ax82u_firmware 3.0.0.4.386_49674-ge182230
CVE-2022-38699

Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 5.9 MEDIUM CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 0.7 5.2

Products Affected

Vendor Product Version
asus armoury_crate_service *
CVE-2022-4221

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.

Products Affected

Vendor Product Version
asus nas-m25_firmware *
CVE-2022-42455

ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
asus armoury_crate *
CVE-2022-44898

The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests.

Products Affected

Vendor Product Version
asus aura_sync *
CVE-2023-26602

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
asus asmb8-ikvm_firmware *
CVE-2023-26911

ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.

Products Affected

Vendor Product Version
asus armoury_crate *
asus setupasusservices *
CVE-2023-28702

ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4.386.51255
CVE-2023-28703

ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4.386.51255
CVE-2023-29772

A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request.

Products Affected

Vendor Product Version
asus rt-ac51u_firmware *
CVE-2023-31195

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked.

Products Affected

Vendor Product Version
asus rt-ax3000_firmware *
CVE-2023-34358

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
asus rt-ax88u_firmware *
CVE-2023-34359

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "do_json_decode()" function of ej.c, resulting in a DoS condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
asus rt-ax88u_firmware *
CVE-2023-34360

A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior.  After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L 2.3 5.3

Products Affected

Vendor Product Version
asus rt-ax88u_firmware *
CVE-2023-34940

Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
asus rt-n10lx_firmware 2.0.0.39
CVE-2023-34941

A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
asus rt-n10lx_firmware 2.0.0.39
CVE-2023-34942

Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
asus rt-n10lx_firmware 2.0.0.39
CVE-2023-35086

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4_386_51529
asus rt-ax56u_v2_firmware 3.0.0.4.386_50460
CVE-2023-35087

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4_386_51529
asus rt-ax56u_v2_firmware 3.0.0.4.386_50460
CVE-2023-35720

ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mod_webdav.so module. When parsing a request, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-16078.

Products Affected

Vendor Product Version
asus rt-ax92u_firmware 3.0.0.4.386.46061
CVE-2023-38031

ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4_386_51529
CVE-2023-38032

ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4_386_51529
CVE-2023-38033

ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4_386_51529
CVE-2023-39086

ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.

Products Affected

Vendor Product Version
asus rt-ac66u_b1_firmware 3.0.0.4.286_51665
CVE-2023-39236

ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4_386_51529
CVE-2023-39237

ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4_386_51529
CVE-2023-39238

It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4_386_51529
asus rt-ax55_firmware 3.0.0.4.386_50460
asus rt-ax56u_v2_firmware 3.0.0.4.386_50460
CVE-2023-39239

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4_386_51529
asus rt-ax55_firmware 3.0.0.4.386_50460
asus rt-ax56u_v2_firmware 3.0.0.4.386_50460
CVE-2023-39240

It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
asus rt-ac86u_firmware 3.0.0.4_386_51529
asus rt-ax55_firmware 3.0.0.4.386_50460
asus rt-ax56u_v2_firmware 3.0.0.4.386_50460
CVE-2023-39780

On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347; and for the similar "code-authentication module" issue, see CVE-2023-41348.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
asus rt-ax55_firmware 3.0.0.4.386.51598
CVE-2023-41345

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
asus rt-ax55_firmware 3.0.0.4.386.51598
CVE-2023-41346

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
asus rt-ax55_firmware 3.0.0.4.386.51598
CVE-2023-41347

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
asus rt-ax55_firmware 3.0.0.4.386.51598
CVE-2023-41348

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
asus rt-ax55_firmware 3.0.0.4.386.51598
CVE-2023-41349

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
asus rt-ax88u_firmware *
CVE-2023-47678

An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
asus rt-ac87u_firmware *
CVE-2023-5716

ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
asus armoury_crate *
CVE-2024-26342

A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet.

Products Affected

Vendor Product Version
asus 4g-ac68u_firmware 3.0.0.4.384.82230
CVE-2024-31159

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
asus download_master *
CVE-2024-31160

The parameter used in the certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code to the parameter for Stored Cross-site scripting attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

Products Affected

Vendor Product Version
asus download_master *
CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
asus download_master *
CVE-2025-12793

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the ' Security Update for MyASUS' section on the ASUS Security Advisory for more information.

Products Affected

Vendor Product Version
asus myasus *
CVE-2025-15101

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to execute system commands through unintended mechanisms. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.

Products Affected

Vendor Product Version
asus asus_firmware *
CVE-2025-59367

An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information.

Products Affected

Vendor Product Version
asus dsl-ac750_firmware *
asus dsl-ac51_firmware *
asus dsl-n16_firmware *
CVE-2025-59374

"UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. Only devices that met these conditions and installed the compromised versions were affected. The Live Update client has already reached End-of-Support (EOS) in October 2021, and no currently supported devices or products are affected by this issue.

Products Affected

Vendor Product Version
asus live_update *