CVSS: 10.0EPSS: 70%CPEs: 7EXPL: 0CVE-2024-3080 – ASUS Router - Improper Authentication
https://notcve.org/view.php?id=CVE-2024-3080
14 Jun 2024 — Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device. Ciertos modelos de enrutadores ASUS tienen una vulnerabilidad de omisión de autenticación, lo que permite a atacantes remotos no autenticados iniciar sesión en el dispositivo. • https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-3079 – ASUS Router - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-3079
14 Jun 2024 — Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device. Ciertos modelos de enrutadores ASUS tienen vulnerabilidades de desbordamiento de búfer, lo que permite a atacantes remotos con privilegios administrativos ejecutar comandos arbitrarios en el dispositivo. • https://www.twcert.org.tw/en/cp-139-7858-3c978-2.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.5EPSS: 1%CPEs: 15EXPL: 0CVE-2024-0401 – ASUS OVPN RCE
https://notcve.org/view.php?id=CVE-2024-0401
20 May 2024 — ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000. Los enrutadores ASUS que admiten perfiles OpenVPN personalizados son afectados por una vulnerabilidad de e... • https://vulncheck.com/advisories/asus-ovpn-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 1CVE-2022-26376
https://notcve.org/view.php?id=CVE-2022-26376
05 Aug 2022 — A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Se presenta una vulnerabilidad de corrupción de memoria en la funcionalidad httpd unescape de Asuswrt versiones anteriores a 3.0.0.4.386_48706 y Asuswrt-Merlin New Gen versiones anteriores a 386.7. Una petición HTTP esp... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 4%CPEs: 38EXPL: 0CVE-2021-41435
https://notcve.org/view.php?id=CVE-2021-41435
19 Nov 2021 — A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.... • http://asus.com • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.8EPSS: 4%CPEs: 38EXPL: 0CVE-2021-41436
https://notcve.org/view.php?id=CVE-2021-41436
19 Nov 2021 — An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. Un contrabando de... • http://asus.com • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 2%CPEs: 108EXPL: 0CVE-2021-3128
https://notcve.org/view.php?id=CVE-2021-3128
12 Apr 2021 — In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for wh... • https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS • CWE-834: Excessive Iteration •