
CVE-2024-33278
https://notcve.org/view.php?id=CVE-2024-33278
24 Jun 2024 — Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field. • https://gist.github.com/viktoredstrom/cd2580fb0e93e47133b2998553b0a52f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-3912 – ASUS Router - Upload arbitrary firmware
https://notcve.org/view.php?id=CVE-2024-3912
14 Jun 2024 — Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device. • https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2024-31162 – ASUS Download Master - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-31162
14 Jun 2024 — The specific function parameter of ASUS Download Master does not properly filter user input. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device. • https://www.twcert.org.tw/en/cp-139-7868-8a760-2.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-31161 – ASUS Download Master - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-31161
14 Jun 2024 — The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system commands to be executed upon browsing the webpage. • https://www.twcert.org.tw/en/cp-139-7866-469e0-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2024-31160 – ASUS Download Master - Stored XSS
https://notcve.org/view.php?id=CVE-2024-31160
14 Jun 2024 — A parameter used in a certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code into the parameter for Stored Cross-site scripting attacks. • https://www.twcert.org.tw/en/cp-139-7864-d7a0d-2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-31159 – ASUS Download Master - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-31159
14 Jun 2024 — A parameter used in a certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code into the parameter for Reflected Cross-site scripting attacks. • https://www.twcert.org.tw/en/cp-139-7862-e43e4-2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-3080 – ASUS Router - Improper Authentication
https://notcve.org/view.php?id=CVE-2024-3080
14 Jun 2024 — Certain ASUS router models have an authentication bypass vulnerability, allowing unauthenticated remote attackers to log in to the device. • https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html • CWE-287: Improper Authentication

CVE-2024-3079 – ASUS Router - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-3079
14 Jun 2024 — Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device. • https://www.twcert.org.tw/en/cp-139-7858-3c978-2.html • CWE-121: Stack-based Buffer Overflow

CVE-2024-0401 – ASUS OVPN RCE
https://notcve.org/view.php?id=CVE-2024-0401
20 May 2024 — ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000. • https://vulncheck.com/advisories/asus-ovpn-rce • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-33548
https://notcve.org/view.php?id=CVE-2023-33548
06 May 2024 — Cross Site Scripting (XSS) vulnerability in ASUS RT-AC51U with firmware versions up to and including 3.0.0.4.380.8591 allows attackers to run arbitrary code via the WPA Pre-Shared Key field. • https://github.com/Idaht/ASUS_RT-AC51U_CVE/blob/main/XSS%20-%20WPA%20Pre-Shared%20Key • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')