Asuswrt Merlin

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-26376 2Asus Asuswrt Merlin 19Asuswrt Et12 FirmwareGt Ax11000 Firmware+16 more Nov 21, 2024 Aug 5, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruptio...Show more A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.Show less
CVE-2018-8878 2Asus Asuswrt Merlin 2Asus Firmware Asuswrt Merlin Nov 21, 2024 Feb 27, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostn...Show more Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page.Show less
CVE-2018-8877 2Asus Asuswrt Merlin 2Asus Firmware Asuswrt Merlin Nov 21, 2024 Feb 27, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ran...Show more Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page.Show less
CVE-2018-5721 1Asuswrt Merlin 1Asuswrt Merlin Nov 21, 2024 Jan 17, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code...Show more Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a "_wan_if" substring.Show less
CVE-2017-12754 1Asuswrt Merlin 1Asuswrt Merlin May 13, 2026 Aug 9, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT...Show more Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url.Show less