CVSS: 10.0EPSS: 70%CPEs: 7EXPL: 0CVE-2024-3080 – ASUS Router - Improper Authentication
https://notcve.org/view.php?id=CVE-2024-3080
14 Jun 2024 — Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device. Ciertos modelos de enrutadores ASUS tienen una vulnerabilidad de omisión de autenticación, lo que permite a atacantes remotos no autenticados iniciar sesión en el dispositivo. • https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-3079 – ASUS Router - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-3079
14 Jun 2024 — Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device. Ciertos modelos de enrutadores ASUS tienen vulnerabilidades de desbordamiento de búfer, lo que permite a atacantes remotos con privilegios administrativos ejecutar comandos arbitrarios en el dispositivo. • https://www.twcert.org.tw/en/cp-139-7858-3c978-2.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.5EPSS: 1%CPEs: 15EXPL: 0CVE-2024-0401 – ASUS OVPN RCE
https://notcve.org/view.php?id=CVE-2024-0401
20 May 2024 — ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000. Los enrutadores ASUS que admiten perfiles OpenVPN personalizados son afectados por una vulnerabilidad de e... • https://vulncheck.com/advisories/asus-ovpn-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 1%CPEs: 6EXPL: 0CVE-2023-39240 – ASUS RT-AX55、RT-AX56U_V2 - Format String - 3
https://notcve.org/view.php?id=CVE-2023-39240
07 Sep 2023 — It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. Se identificó una vulnerabilidad de cadena de formato en la API de función de cliente iperf de ASUS RT-AX56U V2. Esta vulnerabilidad se d... • https://www.twcert.org.tw/tw/cp-132-7356-021bf-1.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.3EPSS: 1%CPEs: 6EXPL: 0CVE-2023-39239 – ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 2
https://notcve.org/view.php?id=CVE-2023-39239
07 Sep 2023 — It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. Se identificó una vulnerabilidad de cadena de formato en la API de función general de ASUS RT-AX56U V2. Esta vulnerabilidad se debe a la falta de valid... • https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.3EPSS: 3%CPEs: 6EXPL: 0CVE-2023-39238 – ASUS RT-AX55、RT-AX56U_V2 - Format String - 1
https://notcve.org/view.php?id=CVE-2023-39238
07 Sep 2023 — It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. Se ha identificado una vulnerabilidad de cadena de formato en ASUS RT-AX56U V2. Esta vulnerabilidad se debe a la falta de validación de un valor específico dentro de... • https://www.twcert.org.tw/tw/cp-132-7354-4e654-1.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39237 – ASUS RT-AC86U - Command injection vulnerability - 5
https://notcve.org/view.php?id=CVE-2023-39237
07 Sep 2023 — ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. La función de análisis Apps en el Analizador de Tráfico ASUS RT-AC86U tiene un filtrado insuficiente de caracteres especiales. Un atacante remoto con privilegios de usuario normal puede aprovechar esta vulnerabilidad para rea... • https://www.twcert.org.tw/tw/cp-132-7352-bad68-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39236 – ASUS RT-AC86U - Command injection vulnerability - 4
https://notcve.org/view.php?id=CVE-2023-39236
07 Sep 2023 — ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. La función de análisis Statistics en el Analizador de Tráfico ASUS RT-AC86U tiene un filtrado insuficiente de caracteres especiales. Un atacante remoto con privilegios de usuario normal puede aprovechar esta vulnerabilidad para r... • https://www.twcert.org.tw/tw/cp-132-7351-ec8fe-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38033 – ASUS RT-AC86U - Command injection vulnerability - 3
https://notcve.org/view.php?id=CVE-2023-38033
07 Sep 2023 — ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. La función heredada Statisctis en el Analizador de Tráfico no utilizado de ASUS RT-AC86U tiene un filtrado insuficiente de caracteres especiales. Un atacante remoto con privilegios de usuario normal puede aprovechar e... • https://www.twcert.org.tw/tw/cp-132-7350-ded5e-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38032 – ASUS RT-AC86U - Command injection vulnerability - 2
https://notcve.org/view.php?id=CVE-2023-38032
07 Sep 2023 — ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. La función relacionada con la seguridad AiProtection de ASUS RT-AC86U no tiene suficiente filtrado de caracteres especiales. Un atacante remoto con privilegios de usuario normal puede aprovechar esta vulnerabilidad para realiza... • https://www.twcert.org.tw/tw/cp-132-7349-7f8cd-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •