← Back

Asus

asus

272 CVEs • 897 products

Products (897)

Click to collapse
Toggle
Rt Ac86u Firmware
rt-ac86u_firmware
19 CVEs
Asmb8 Ikvm Firmware
asmb8-ikvm_firmware
19 CVEs
Z10pr D16 Firmware
z10pr-d16_firmware
18 CVEs
Z10pe D16 Ws Firmware
z10pe-d16_ws_firmware
18 CVEs
Asmb9 Ikvm Firmware
asmb9-ikvm_firmware
17 CVEs
Rs720a E9 Rs24 E Firmware
rs720a-e9-rs24-e_firmware
17 CVEs
Rs700a E9 Rs4 Firmware
rs700a-e9-rs4_firmware
17 CVEs
Rs700 E9 Rs4 Firmware
rs700-e9-rs4_firmware
17 CVEs
Esc4000 G4x Firmware
esc4000_g4x_firmware
17 CVEs
Rs700 E9 Rs12 Firmware
rs700-e9-rs12_firmware
17 CVEs
Rs100 E10 Pi2 Firmware
rs100-e10-pi2_firmware
17 CVEs
Rs300 E10 Ps4 Firmware
rs300-e10-ps4_firmware
17 CVEs
Rs300 E10 Rs4 Firmware
rs300-e10-rs4_firmware
17 CVEs
Rs500a E9 Ps4 Firmware
rs500a-e9-ps4_firmware
17 CVEs
Rs500a E9 Rs4 Firmware
rs500a-e9-rs4_firmware
17 CVEs
Rs500a E9 Rs4 U Firmware
rs500a-e9_rs4_u_firmware
17 CVEs
E700 G4 Firmware
e700_g4_firmware
17 CVEs
Ws C422 Pro/se Firmware
ws_c422_pro/se_firmware
17 CVEs
Ws X299 Pro/se Firmware
ws_x299_pro/se_firmware
17 CVEs
Z11pa U12 Firmware
z11pa-u12_firmware
17 CVEs
Z11pa U12/10g 2s Firmware
z11pa-u12/10g-2s_firmware
17 CVEs
Knpa U16 Firmware
knpa-u16_firmware
17 CVEs
Esc4000 Dhd G4 Firmware
esc4000_dhd_g4_firmware
17 CVEs
Esc4000 G4 Firmware
esc4000_g4_firmware
17 CVEs
Rs720q E9 Rs24 S Firmware
rs720q-e9-rs24-s_firmware
17 CVEs
Rs720q E9 Rs8 Firmware
rs720q-e9-rs8_firmware
17 CVEs
Rs720q E9 Rs8 S Firmware
rs720q-e9-rs8-s_firmware
17 CVEs
Z11pa D8 Firmware
z11pa-d8_firmware
17 CVEs
Z11pa D8c Firmware
z11pa-d8c_firmware
17 CVEs
Rs720 E9 Rs24 U Firmware
rs720-e9-rs24-u_firmware
17 CVEs
Rs720 E9 Rs8 G Firmware
rs720-e9-rs8-g_firmware
17 CVEs
Rs500 E9 Ps4 Firmware
rs500-e9-ps4_firmware
17 CVEs
Pro E800 G4 Firmware
pro_e800_g4_firmware
17 CVEs
Rs500 E9 Rs4 Firmware
rs500-e9-rs4_firmware
17 CVEs
Rs500 E9 Rs4 U Firmware
rs500-e9-rs4-u_firmware
17 CVEs
Rs520 E9 Rs12 E Firmware
rs520-e9-rs12-e_firmware
17 CVEs
Rs520 E9 Rs8 Firmware
rs520-e9-rs8_firmware
17 CVEs
Esc8000 G4 Firmware
esc8000_g4_firmware
17 CVEs
Esc8000 G4/10g Firmware
esc8000_g4/10g_firmware
17 CVEs
Rs720 E9 Rs12 E Firmware
rs720-e9-rs12-e_firmware
17 CVEs
Ws C621e Sage Firmware
ws_c621e_sage_firmware
17 CVEs
Rs500a E10 Ps4 Firmware
rs500a-e10-ps4_firmware
17 CVEs
Rs500a E10 Rs4 Firmware
rs500a-e10-rs4_firmware
17 CVEs
Rs700a E9 Rs12v2 Firmware
rs700a-e9-rs12v2_firmware
17 CVEs
Rs700a E9 Rs4v2 Firmware
rs700a-e9-rs4v2_firmware
17 CVEs
Rs720a E9 Rs12v2 Firmware
rs720a-e9-rs12v2_firmware
17 CVEs
Rs720a E9 Rs24v2 Firmware
rs720a-e9-rs24v2_firmware
17 CVEs
Z11pr D16 Firmware
z11pr-d16_firmware
17 CVEs
Rt Ac68u Firmware
rt-ac68u_firmware
14 CVEs
Rt Ax55 Firmware
rt-ax55_firmware
14 CVEs
Rt Ax56u Firmware
rt-ax56u_firmware
12 CVEs
Rt Ac66u Firmware
rt-ac66u_firmware
11 CVEs
Rt Ax88u Firmware
rt-ax88u_firmware
11 CVEs
Asuswrt
asuswrt
10 CVEs
Rt N56u Firmware
rt-n56u_firmware
9 CVEs
Rt Ax82u Firmware
rt-ax82u_firmware
8 CVEs
Rt Ac3200 Firmware
rt-ac3200_firmware
7 CVEs
Hg100 Firmware
hg100_firmware
7 CVEs
Rt Ax3000 Firmware
rt-ax3000_firmware
7 CVEs
Rt Ax56u V2 Firmware
rt-ax56u_v2_firmware
7 CVEs
Rt Ac87u Firmware
rt-ac87u_firmware
6 CVEs
Rt Ac1750 Firmware
rt-ac1750_firmware
6 CVEs
Rt Ax86u Firmware
rt-ax86u_firmware
6 CVEs
Rt Ax58u Firmware
rt-ax58u_firmware
6 CVEs
Rt N66u Firmware
rt-n66u_firmware
5 CVEs
Rt Ac68u
rt-ac68u
5 CVEs
Dsl N14u B1 Firmware
dsl-n14u-b1_firmware
5 CVEs
Rt Ac88u Firmware
rt-ac88u_firmware
5 CVEs
Rt Ac58u Firmware
rt-ac58u_firmware
5 CVEs
Gt Ac5300 Firmware
gt-ac5300_firmware
5 CVEs
Zenfone 4 Selfie Firmware
zenfone_4_selfie_firmware
5 CVEs
Rt Ax68u Firmware
rt-ax68u_firmware
5 CVEs
Rt N56u
rt-n56u
4 CVEs
Wl 330nul Firmware
wl-330nul_firmware
4 CVEs
Rt Ac53 Firmware
rt-ac53_firmware
4 CVEs
Rt Ac2900 Firmware
rt-ac2900_firmware
4 CVEs
Rt Ac5300 Firmware
rt-ac5300_firmware
4 CVEs
Zenfone 3 Max Firmware
zenfone_3_max_firmware
4 CVEs
Rt Ac1900p Firmware
rt-ac1900p_firmware
4 CVEs
Rt Ax92u Firmware
rt-ax92u_firmware
4 CVEs
Rt N66u
rt-n66u
3 CVEs
Rt N16 Firmware
rt-n16_firmware
3 CVEs
Rt Ac56s Firmware
rt-ac56s_firmware
3 CVEs
Dsl N10s Firmware
dsl-n10s_firmware
3 CVEs
Dsl N12e C1 Firmware
dsl-n12e_c1_firmware
3 CVEs
Dsl N17u Firmware
dsl-n17u_firmware
3 CVEs
Rt Ac1900 Firmware
rt-ac1900_firmware
3 CVEs
Rt Ac3100 Firmware
rt-ac3100_firmware
3 CVEs
Rt Ac51u Firmware
rt-ac51u_firmware
3 CVEs
Rt Ac52u B1 Firmware
rt-ac52u_b1_firmware
3 CVEs
Aura Sync Firmware
aura_sync_firmware
3 CVEs
Zenfone 5q Firmware
zenfone_5q_firmware
3 CVEs
Zenfone Ar Firmware
zenfone_ar_firmware
3 CVEs
Mw100 Firmware
mw100_firmware
3 CVEs
Ws 101 Firmware
ws-101_firmware
3 CVEs
Ts 101 Firmware
ts-101_firmware
3 CVEs
As 101 Firmware
as-101_firmware
3 CVEs
Ms 101 Firmware
ms-101_firmware
3 CVEs
Dl 101 Firmware
dl-101_firmware
3 CVEs
Rt N53 Firmware
rt-n53_firmware
3 CVEs

CVEs (272)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-26669
1Asus
1Control Center
Nov 21, 2024
Jun 20, 2022
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.
CVE-2022-26668
1Asus
1Control Center
Nov 21, 2024
Jun 20, 2022
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.
CVE-2022-31874
1Asus
1Rt N53 Firmware
Nov 21, 2024
Jun 17, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.
CVE-2021-3254
1Asus
1Dsl N14u B1 Firmware
Nov 21, 2024
May 11, 2022
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.
CVE-2022-26674
1Asus
1Rt Ax88u Firmware
Nov 21, 2024
Apr 22, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt ser...Show more
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.Show less
CVE-2022-26673
1Asus
1Rt Ax88u Firmware
Nov 21, 2024
Apr 22, 2022
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Sit...Show more
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks.Show less
CVE-2022-26672
1Asus
1Webstorage
Nov 21, 2024
Apr 22, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A su...Show more
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.Show less
CVE-2022-25597
1Asus
1Rt Ac86u Firmware
Nov 21, 2024
Apr 7, 2022
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt...Show more
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.Show less
CVE-2022-25596
1Asus
1Rt Ac86u Firmware
Nov 21, 2024
Apr 7, 2022
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary...Show more
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.Show less
CVE-2022-25595
1Asus
1Rt Ac86u Firmware
Nov 21, 2024
Apr 7, 2022
N/A· v4
6.5 MEDIUM· v3
6.1 MEDIUM· v2
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.
CVE-2022-23973
1Asus
1Rt Ax56u Firmware
Nov 21, 2024
Apr 7, 2022
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform...Show more
ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service.Show less
CVE-2022-23972
1Asus
1Rt Ax56u Firmware
Nov 21, 2024
Apr 7, 2022
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.
CVE-2022-23971
1Asus
1Rt Ax56u Firmware
Nov 21, 2024
Apr 7, 2022
N/A· v4
8.1 HIGH· v3
4.8 MEDIUM· v2
ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading...Show more
ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption.Show less
CVE-2022-23970
1Asus
1Rt Ax56u Firmware
Nov 21, 2024
Apr 7, 2022
N/A· v4
8.1 HIGH· v3
4.8 MEDIUM· v2
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading...Show more
ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption.Show less
CVE-2021-45757
1Asus
1Rt Ac68u Firmware
Nov 21, 2024
Mar 23, 2022
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS).
CVE-2021-45756
1Asus
2Rt Ac5300 Firmware
Rt Ac68u Firmware
Nov 21, 2024
Mar 23, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi.
CVE-2022-22814
1Asus
1Myasus
Nov 21, 2024
Mar 10, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation.
CVE-2022-22262
1Asus
1Rog Live Service
Nov 21, 2024
Mar 1, 2022
N/A· v4
7.7 HIGH· v3
3.6 LOW· v2
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthentic...Show more
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service.Show less
CVE-2021-46247
1Asus
1Cmax6000 Firmware
Nov 21, 2024
Feb 17, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00.
CVE-2022-21933
1Asus
13Pa90 Firmware
Pb50 FirmwarePb60 Firmware+10 more
Nov 21, 2024
Jan 21, 2022
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for co...Show more
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.Show less