CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-11985
https://notcve.org/view.php?id=CVE-2024-11985
04 Dec 2024 — An improper input validation vulnerability leads to device crashes in certain ASUS router models. Refer to the '12/03/2024 ASUS Router Improper Input Validation' section on the ASUS Security Advisory for more information. • https://www.asus.com/content/asus-product-security-advisory • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 1%CPEs: 15EXPL: 0CVE-2024-0401 – ASUS OVPN RCE
https://notcve.org/view.php?id=CVE-2024-0401
20 May 2024 — ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000. Los enrutadores ASUS que admiten perfiles OpenVPN personalizados son afectados por una vulnerabilidad de e... • https://vulncheck.com/advisories/asus-ovpn-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41348 – ASUS RT-AX55 - command injection - 4
https://notcve.org/view.php?id=CVE-2023-41348
03 Nov 2023 — ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. La función relacionada con la autenticación de ASUS RT-AX55 tiene una vulnerabilidad de filtrado insuficiente de caracteres especiales dentro de su módulo de autenticación de código. ... • https://www.twcert.org.tw/tw/cp-132-7499-63907-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41347 – ASUS RT-AX55 - command injection - 3
https://notcve.org/view.php?id=CVE-2023-41347
03 Nov 2023 — ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. La función relacionada con la autenticación de ASUS RT-AX55 tiene una vulnerabilidad de filtrado insuficiente de caracteres especiales dentro de su módulo de token de verificación. Un atacant... • https://www.twcert.org.tw/tw/cp-132-7498-18012-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41346 – ASUS RT-AX55 - command injection - 2
https://notcve.org/view.php?id=CVE-2023-41346
03 Nov 2023 — ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. La función relacionada con la autenticación de ASUS RT-AX55 tiene una vulnerabilidad de filtrado insuficiente de caracteres especiales dentro de su módulo de actualización de token. Un atac... • https://www.twcert.org.tw/tw/cp-132-7497-f92ac-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41345 – ASUS RT-AX55 - command injection - 1
https://notcve.org/view.php?id=CVE-2023-41345
03 Nov 2023 — ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services. La función relacionada con la autenticación de ASUS RT-AX55 tiene una vulnerabilidad de filtrado insuficiente de caracteres especiales dentro de su módulo generado por token. Un atacante... • https://www.twcert.org.tw/tw/cp-132-7496-96e2c-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 6CVE-2023-39780
https://notcve.org/view.php?id=CVE-2023-39780
11 Sep 2023 — ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability. Se descubrió que ASUS RT-AX55 v3.0.0.4.386.51598 contenía una vulnerabilidad de inyección de comandos autenticados. • https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/1/EN.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 1%CPEs: 6EXPL: 0CVE-2023-39240 – ASUS RT-AX55、RT-AX56U_V2 - Format String - 3
https://notcve.org/view.php?id=CVE-2023-39240
07 Sep 2023 — It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. Se identificó una vulnerabilidad de cadena de formato en la API de función de cliente iperf de ASUS RT-AX56U V2. Esta vulnerabilidad se d... • https://www.twcert.org.tw/tw/cp-132-7356-021bf-1.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.3EPSS: 1%CPEs: 6EXPL: 0CVE-2023-39239 – ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 2
https://notcve.org/view.php?id=CVE-2023-39239
07 Sep 2023 — It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. Se identificó una vulnerabilidad de cadena de formato en la API de función general de ASUS RT-AX56U V2. Esta vulnerabilidad se debe a la falta de valid... • https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.3EPSS: 3%CPEs: 6EXPL: 0CVE-2023-39238 – ASUS RT-AX55、RT-AX56U_V2 - Format String - 1
https://notcve.org/view.php?id=CVE-2023-39238
07 Sep 2023 — It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. Se ha identificado una vulnerabilidad de cadena de formato en ASUS RT-AX56U V2. Esta vulnerabilidad se debe a la falta de validación de un valor específico dentro de... • https://www.twcert.org.tw/tw/cp-132-7354-4e654-1.html • CWE-134: Use of Externally-Controlled Format String •