CVSS: 8.3EPSS: 1%CPEs: 6EXPL: 0CVE-2023-39240 – ASUS RT-AX55、RT-AX56U_V2 - Format String - 3
https://notcve.org/view.php?id=CVE-2023-39240
07 Sep 2023 — It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. Se identificó una vulnerabilidad de cadena de formato en la API de función de cliente iperf de ASUS RT-AX56U V2. Esta vulnerabilidad se d... • https://www.twcert.org.tw/tw/cp-132-7356-021bf-1.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.3EPSS: 1%CPEs: 6EXPL: 0CVE-2023-39239 – ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 2
https://notcve.org/view.php?id=CVE-2023-39239
07 Sep 2023 — It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. Se identificó una vulnerabilidad de cadena de formato en la API de función general de ASUS RT-AX56U V2. Esta vulnerabilidad se debe a la falta de valid... • https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.3EPSS: 3%CPEs: 6EXPL: 0CVE-2023-39238 – ASUS RT-AX55、RT-AX56U_V2 - Format String - 1
https://notcve.org/view.php?id=CVE-2023-39238
07 Sep 2023 — It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. Se ha identificado una vulnerabilidad de cadena de formato en ASUS RT-AX56U V2. Esta vulnerabilidad se debe a la falta de validación de un valor específico dentro de... • https://www.twcert.org.tw/tw/cp-132-7354-4e654-1.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2023-35087 – ASUS RT-AX56U V2 & RT-AC86U - Format String - 2
https://notcve.org/view.php?id=CVE-2023-35087
21 Jul 2023 — It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529. It is ... • https://www.twcert.org.tw/tw/cp-132-7249-ab2d1-1.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.3EPSS: 75%CPEs: 4EXPL: 1CVE-2023-35086 – ASUS RT-AX56U V2 & RT-AC86U - Format String -1
https://notcve.org/view.php?id=CVE-2023-35086
21 Jul 2023 — It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529. • https://github.com/tin-z/CVE-2023-35086-POC • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 1CVE-2022-26376
https://notcve.org/view.php?id=CVE-2022-26376
05 Aug 2022 — A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Se presenta una vulnerabilidad de corrupción de memoria en la funcionalidad httpd unescape de Asuswrt versiones anteriores a 3.0.0.4.386_48706 y Asuswrt-Merlin New Gen versiones anteriores a 386.7. Una petición HTTP esp... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 188EXPL: 1CVE-2021-43702
https://notcve.org/view.php?id=CVE-2021-43702
05 Jul 2022 — ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. ASUS RT-A88U versión 3.0.0.4.386_45898 es vulnerable a un ataque de tipo Cross Site Scripting (XSS). El panel de administración del enrutador ASUS no desinfecta los registros de WiFI correctamente, si un atacante pudiera cambiar el SSI... • https://www.asus.com/uk/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AC88U • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 4%CPEs: 38EXPL: 0CVE-2021-41435
https://notcve.org/view.php?id=CVE-2021-41435
19 Nov 2021 — A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.... • http://asus.com • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.8EPSS: 4%CPEs: 38EXPL: 0CVE-2021-41436
https://notcve.org/view.php?id=CVE-2021-41436
19 Nov 2021 — An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. Un contrabando de... • http://asus.com • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •