CVE-2021-40556
https://notcve.org/view.php?id=CVE-2021-40556
A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by the "caupload" input handler function, allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication. • https://www.asus.com/tw/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX56U/HelpDesk_BIOS https://x1ng.top/2021/10/14/ASUS%E6%A0%88%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90 • CWE-787: Out-of-bounds Write
CVE-2022-38699 – ASUS Armoury Crate Service - Arbitrary File Creation via Elevation of Privilege Flaw
https://notcve.org/view.php?id=CVE-2022-38699
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to an arbitrary system file, causing the logging function to overwrite the system file and disrupt the system. • https://www.twcert.org.tw/tw/cp-132-6522-4eacb-1.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2021-41437
https://notcve.org/view.php?id=CVE-2021-41437
An HTTP response splitting attack in the web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that, if an authenticated victim visits it, will give access to the cloud storage of the attacker. • https://github.com/efchatz/easy-exploits/tree/main/Web/ASUS/CVE-2021-41437 https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-Gaming-Routers/RT-AX88U/HelpDesk_BIOS • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2022-26376
https://notcve.org/view.php?id=CVE-2022-26376
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511 • CWE-787: Out-of-bounds Write
CVE-2022-35899 – Asus GameSDK v1.0.0.4 - 'GameSDK.exe' Unquoted Service Path
https://notcve.org/view.php?id=CVE-2022-35899
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILES(X86)%\ASUS\GameSDK.exe file. Asus GameSDK version 1.0.0.4 suffers from an unquoted service path vulnerability in GameSDK.exe. • https://www.exploit-db.com/exploits/50985 https://github.com/angelopioamirante/CVE-2022-35899 https://github.com/AngeloPioAmirante/CVE-2022-35899 https://packetstormsecurity.com/files/167763/Asus-GameSDK-1.0.0.4-Unquoted-Service-Path.html • CWE-428: Unquoted Search Path or Element