CVE-2019-20082
https://notcve.org/view.php?id=CVE-2019-20082
ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp. Los dispositivos ASUS RT-N53 versión 3.0.0.4.376.3754, presentan un desbordamiento de búfer por medio de un parámetro largo lan_dns1_x o lan_dns2_x en el archivo Advanced_LAN_Content.asp • https://github.com/pr0v3rbs/CVE/tree/master/CVE-2019-20082 https://www.asus.com • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-41435
https://notcve.org/view.php?id=CVE-2021-41435
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request. Una omisión de protección por fuerza bruta en la protección CAPTCHA en ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) versiones anteriores a 3.0.4.386. 0.0.4.386.45898, y RT-AX68U versiones anteriores a 3.0.0.4.386.45911, permite a un atacante remoto intentar cualquier número de intentos de inicio de sesión por medio del envío de una petición HTTP específica • http://asus.com https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS https://www.asus.com/Networking-IoT-Servers/WiFi-Route • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2021-41436
https://notcve.org/view.php?id=CVE-2021-41436
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. Un contrabando de peticiones HTTP en la aplicación web en ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) versiones anteriores a 3.0.4.386. 0.0.4.386.45898, y RT-AX68U versiones anteriores a 3.0.0.4.386.45911, permite a un atacante remoto no autenticado hacer DoS por medio del envío de un paquete HTTP especialmente diseñado • http://asus.com https://rog.asus.com/networking/rog-rapture-gt-ax11000-model/helpdesk_bios https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-XD6/HelpDesk_BIOS https://www.asus.com/Networking-IoT-Servers/WiFi-Routers/ASUS-WiFi-Routers/RT-AX3000/HelpDesk_BIOS https://www.asus.com/Networking-IoT-Servers/WiFi-Route • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2021-41289 – ASUS P453UJ - Improper Restriction of Operations within the Bounds of a Memory Buffer
https://notcve.org/view.php?id=CVE-2021-41289
ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot. ASUS P453UJ contiene una vulnerabilidad de restricción inapropiada de operaciones dentro de los límites de un búfer de memoria. Con el permiso de un usuario general, atacantes locales pueden modificar la BIOS sustituyendo o rellenando el contenido del Memory DataBuffer designado, lo que causa un fallo en la verificación de la integridad y, además, resulta en un fallo en el arranque • https://www.asus.com/tw/supportonly/P453UJ/HelpDesk_BIOS https://www.twcert.org.tw/tw/cp-132-5284-35790-1.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2021-37910 – ASUS GT-AXE11000, RT-AX3000, RT-AX55, RT-AX58U, TUF-AX3000 - Improper Authentication
https://notcve.org/view.php?id=CVE-2021-37910
ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames. El protocolo de acceso protegido Wi-Fi de los routers ASUS (WPA2 y WPA3-SAE), presenta un control inapropiado de la vulnerabilidad de la frecuencia de interacción, un atacante no autenticado puede desconectar remotamente las conexiones de otros usuarios enviando tramas de autenticación SAE especialmente diseñadas • https://www.twcert.org.tw/tw/cp-132-5259-22a26-1.html • CWE-799: Improper Control of Interaction Frequency •