Filtered by vendor Asus
Subscribe
Total
266 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-17945 | 1 Asus | 2 Hivivo, Vivobaby | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation. | |||||
CVE-2017-17944 | 1 Asus | 2 Hivivo, Vivobaby | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. | |||||
CVE-2017-15656 | 1 Asus | 1 Asuswrt | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. | |||||
CVE-2017-15655 | 1 Asus | 1 Asuswrt | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages. | |||||
CVE-2017-15654 | 1 Asus | 1 Asuswrt | 2024-11-21 | 7.6 HIGH | 8.3 HIGH |
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. | |||||
CVE-2017-15653 | 1 Asus | 1 Asuswrt | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. | |||||
CVE-2017-15361 | 35 Acer, Aopen, Asi and 32 more | 126 C720 Chromebook, Chromebase, Chromebase 24 and 123 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. | |||||
CVE-2017-14699 | 1 Asus | 32 Dsl-ac51, Dsl-ac51 Firmware, Dsl-ac52u and 29 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request. | |||||
CVE-2017-14698 | 1 Asus | 32 Dsl-ac51, Dsl-ac51 Firmware, Dsl-ac52u and 29 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp. | |||||
CVE-2017-12593 | 1 Asus | 2 Dsl-n10s Firmware, Dsl-n10s Router | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. | |||||
CVE-2017-12592 | 1 Asus | 2 Dsl-n10s, Dsl-n10s Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. | |||||
CVE-2017-12591 | 1 Asus | 2 Dsl-n10s, Dsl-n10s Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. | |||||
CVE-2017-12590 | 1 Asus | 2 Rt-n14uhp, Rt-n14uhp Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter. | |||||
CVE-2016-6558 | 1 Asus | 14 Ea-n66, Ea-n66 Firmware, Rp-ac52 and 11 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed. | |||||
CVE-2016-6557 | 1 Asus | 14 Ea-n66, Ea-n66 Firmware, Rp-ac52 and 11 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. | |||||
CVE-2015-7790 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-7789 | 1 Asus | 2 Wl-330nul, Wl-33nul Firmware | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors. | |||||
CVE-2015-7788 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2024-11-21 | 5.8 MEDIUM | 7.3 HIGH |
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2015-7787 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors. | |||||
CVE-2015-6949 | 1 Asus | 1 Tm-1900 | 2024-11-21 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote attackers to execute arbitrary code via crafted HTTP header values. |