Vulnerabilities (CVE)

Filtered by vendor Asus Subscribe
Filtered by product Rt-ac3200
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43702 1 Asus 186 4g-ac53u, 4g-ac53u Firmware, 4g-ac68u and 183 more 2024-11-21 3.5 LOW 9.0 CRITICAL
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
CVE-2018-9285 1 Asus 22 Rt-ac1900, Rt-ac1900 Firmware, Rt-ac2900 and 19 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.
CVE-2018-20335 1 Asus 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more 2024-11-21 7.8 HIGH 7.5 HIGH
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.
CVE-2018-20334 1 Asus 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
CVE-2018-20333 1 Asus 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
CVE-2018-14714 1 Asus 2 Rt-ac3200, Rt-ac3200 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.
CVE-2018-14713 1 Asus 2 Rt-ac3200, Rt-ac3200 Firmware 2024-11-21 5.5 MEDIUM 8.1 HIGH
Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter.
CVE-2018-14712 1 Asus 2 Rt-ac3200, Rt-ac3200 Firmware 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter.
CVE-2018-14711 1 Asus 2 Rt-ac3200, Rt-ac3200 Firmware 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.
CVE-2018-14710 1 Asus 2 Rt-ac3200, Rt-ac3200 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter.