Asus

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-15009 1Asus 1Screenpad2 Upgrade Tool Nov 21, 2024 Jul 20, 2020 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no a...Show more AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.Show less
CVE-2020-12695 21Asus BroadcomCanon+18 more 2175020 Z4a69a 5030 M2u92b5030 Z4a70a+214 more Nov 21, 2024 Jun 8, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscriptio...Show more The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.Show less
CVE-2019-17603 1Asus 1Aura Sync Nov 21, 2024 Jun 2, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCT...Show more Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.Show less
CVE-2020-10649 1Asus 1Device Activation Nov 21, 2024 Mar 25, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a pa...Show more DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.Show less
CVE-2018-20335 1Asus 1Asuswrt Nov 21, 2024 Mar 20, 2020 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.
CVE-2018-20334 1Asus 1Asuswrt Nov 21, 2024 Mar 20, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacke...Show more An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.Show less
CVE-2018-20333 1Asus 1Asuswrt Nov 21, 2024 Mar 20, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
CVE-2018-8878 2Asus Asuswrt Merlin 2Asus Firmware Asuswrt Merlin Nov 21, 2024 Feb 27, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostn...Show more Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page.Show less
CVE-2018-8877 2Asus Asuswrt Merlin 2Asus Firmware Asuswrt Merlin Nov 21, 2024 Feb 27, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ran...Show more Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page.Show less
CVE-2013-3093 1Asus 7Dsl N55u Firmware Rt Ac66u FirmwareRt N10u Firmware+4 more Nov 21, 2024 Jan 28, 2020 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 ASUS RT-N56U devices allow CSRF.
CVE-2020-7997 1Asus 1Rt Ac66u Firmware Nov 21, 2024 Jan 28, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature.
CVE-2019-15912 1Asus 7As 101 Firmware Dl 101 FirmwareHg100 Firmware+4 more Nov 21, 2024 Dec 20, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks.
CVE-2019-15911 1Asus 7As 101 Firmware Dl 101 FirmwareHg100 Firmware+4 more Nov 21, 2024 Dec 20, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause...Show more An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart home devices, and tamper with messages.Show less
CVE-2019-15910 1Asus 7As 101 Firmware Dl 101 FirmwareHg100 Firmware+4 more Nov 21, 2024 Dec 20, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack.
CVE-2019-19235 1Asus 1Atk Package Nov 21, 2024 Dec 18, 2019 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular...Show more AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name.Show less
CVE-2018-8879 1Asus 1Rt Ac66u Firmware Nov 21, 2024 Nov 21, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string...Show more Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id.Show less
CVE-2019-15419 1Asus 1X105d Firmware Nov 21, 2024 Nov 14, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defc...Show more The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device.Show less
CVE-2019-15418 1Asus 2Pegasus 4 Max Firmware Pegasus 4a Firmware Nov 21, 2024 Nov 14, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defc...Show more The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device.Show less
CVE-2019-15414 1Asus 1Zenfone Ar Firmware Nov 21, 2024 Nov 14, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcomman...Show more The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.Show less
CVE-2019-15413 1Asus 1Zenfone 3 Ultra Firmware Nov 21, 2024 Nov 14, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcomma...Show more The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WW_Phone/ASUS_A001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.Show less

Previous 1...789...14 Next