Vulnerabilities (CVE)

Filtered by vendor Asus Subscribe
Total 266 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-10649 2 Asus, Microsoft 2 Device Activation, Windows 10 2024-02-28 7.2 HIGH 7.8 HIGH
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
CVE-2018-8878 2 Asus, Asuswrt-merlin 2 Asus Firmware, Asuswrt-merlin 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page.
CVE-2019-15412 1 Asus 2 Zenfone 4 Selfie, Zenfone 4 Selfie Firmware 2024-02-28 4.6 MEDIUM 7.8 HIGH
The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WW_Z01M/ASUS_Z01M_1:7.1.1/NMF26F/WW_71.50.395.57_20180913:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2018-8879 1 Asus 2 Rt-ac66u, Rt-ac66u Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id.
CVE-2013-4656 1 Asus 4 Rt-ac66u, Rt-ac66u Firmware, Rt-n56u and 1 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to misconfiguration in the SMB service.
CVE-2020-7997 1 Asus 2 Rt-ac66u, Rt-ac66u Firmware 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature.
CVE-2019-15397 1 Asus 2 Zenfone Max 4, Zenfone Max 4 Firmware 2024-02-28 7.2 HIGH 7.8 HIGH
The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1803.373-20180308:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2019-15399 1 Asus 2 Zenfone 5q, Zenfone 5q Firmware 2024-02-28 7.2 HIGH 7.8 HIGH
The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_2:7.1.1/NGI77B/14.0400.1809.059-20181016:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2019-15405 1 Asus 4 Pegasus 4 Max, Pegasus 4 Max Firmware, Pegasus 4a and 1 more 2024-02-28 7.2 HIGH 7.8 HIGH
The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2019-15396 1 Asus 2 Zenfone 3, Zenfone 3 Firmware 2024-02-28 7.2 HIGH 7.8 HIGH
The Asus ZenFone 3 Android device with a build fingerprint of asus/WW_Phone/ASUS_Z012D:7.0/NRD90M/14.2020.1708.56-20170719:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2019-15401 1 Asus 2 Zenfone Ar, Zenfone Ar Firmware 2024-02-28 7.2 HIGH 7.8 HIGH
The Asus ASUS_A002 Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2019-15407 1 Asus 2 Zenfone 4 Max, Zenfone 4 Max Firmware 2024-02-28 7.2 HIGH 7.8 HIGH
The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2013-3093 1 Asus 14 Dsl-n55u, Dsl-n55u Firmware, Rt-ac66u and 11 more 2024-02-28 9.3 HIGH 8.8 HIGH
ASUS RT-N56U devices allow CSRF.
CVE-2019-15408 1 Asus 2 Zenfone 5 Lite, Zenfone 5 Lite Firmware 2024-02-28 7.2 HIGH 7.8 HIGH
The Asus ZenFone 5 Lite Android device with a build fingerprint of asus/WW_Phone/ASUS_X017D_1:7.1.1/NMF26F/14.0400.1810.061-20181107:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2019-15392 1 Asus 2 Zenfone 4 Selfie, Zenfone 4 Selfie Firmware 2024-02-28 2.1 LOW 5.5 MEDIUM
The Asus ZenFone 4 Selfie Android device with a build fingerprint of Android/sdm660_64/sdm660_64:8.1.0/OPM1/14.2016.1802.247-20180419:user/release-keys contains a pre-installed app with a package name of com.log.logservice app (versionCode=1, versionName=1) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.
CVE-2019-15404 1 Asus 2 Zenfone 4 Max, Zenfone 4 Max Firmware 2024-02-28 7.2 HIGH 7.8 HIGH
The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WW_Phone/ASUS_X00HD_4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000020, versionName=7.0.0.4_170901) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2019-15395 1 Asus 2 Zenfone 3s Max, Zenfone 3s Max Firmware 2024-02-28 7.2 HIGH 7.8 HIGH
The Asus ZenFone 3s Max Android device with a build fingerprint of asus/IN_X00G/ASUS_X00G_1:7.0/NRD90M/IN_X00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app (versionCode=1570000015, versionName=7.0.0.3_161222) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2019-15911 1 Asus 14 As-101, As-101 Firmware, Dl-101 and 11 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart home devices, and tamper with messages.
CVE-2019-15418 1 Asus 4 Pegasus 4 Max, Pegasus 4 Max Firmware, Pegasus 4a and 1 more 2024-02-28 7.2 HIGH 7.8 HIGH
The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device.
CVE-2019-15912 1 Asus 14 As-101, As-101 Firmware, Dl-101 and 11 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks.