CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-40556
https://notcve.org/view.php?id=CVE-2021-40556
06 Oct 2022 — A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication. Se presenta una vulnerabilidad de desbordamiento de pila en el servicio httpd del router ASUS RT-AX56U versión 3.0.0.4.386.44266. • https://www.asus.com/tw/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 1CVE-2022-26376
https://notcve.org/view.php?id=CVE-2022-26376
05 Aug 2022 — A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Se presenta una vulnerabilidad de corrupción de memoria en la funcionalidad httpd unescape de Asuswrt versiones anteriores a 3.0.0.4.386_48706 y Asuswrt-Merlin New Gen versiones anteriores a 386.7. Una petición HTTP esp... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22054 – ASUS RT-AX56U - Path Traversal
https://notcve.org/view.php?id=CVE-2022-22054
14 Jan 2022 — ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files. La función de inicio de sesión de ASUS RT-AX56U contiene una vulnerabilidad de salto de ruta debido a su inapropiado filtrado de caracteres especiales en los parámetros de la URL, que permite a un atacante no autenticado de la red de área loca... • https://www.twcert.org.tw/tw/cp-132-5508-59251-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44158 – ASUS RT-AX56U Router - Stack-based buffer overflow
https://notcve.org/view.php?id=CVE-2021-44158
03 Jan 2022 — ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service. El router Wi-Fi ASUS RT-AX56U es vulnerable a un desbordamiento del búfer en la región stack de la memoria debido a una comprobación inapropiada de la longitud del parámetro httpd. Un atacante autenticado de la red de área local puede lanzar una ejecución de cód... • https://www.twcert.org.tw/tw/cp-132-5431-d23be-1.html • CWE-121: Stack-based Buffer Overflow CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 10.0EPSS: 4%CPEs: 38EXPL: 0CVE-2021-41435
https://notcve.org/view.php?id=CVE-2021-41435
19 Nov 2021 — A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.... • http://asus.com • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.8EPSS: 4%CPEs: 38EXPL: 0CVE-2021-41436
https://notcve.org/view.php?id=CVE-2021-41436
19 Nov 2021 — An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. Un contrabando de... • http://asus.com • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 2%CPEs: 108EXPL: 0CVE-2021-3128
https://notcve.org/view.php?id=CVE-2021-3128
12 Apr 2021 — In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for wh... • https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS • CWE-834: Excessive Iteration •