CVSS: 10.0EPSS: 6%CPEs: 56EXPL: 1CVE-2017-11420
https://notcve.org/view.php?id=CVE-2017-11420
18 Jul 2017 — Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device informatio... • http://www.openwall.com/lists/oss-security/2017/07/13/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 56EXPL: 0CVE-2017-11344
https://notcve.org/view.php?id=CVE-2017-11344
16 Jul 2017 — Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute ar... • http://www.openwall.com/lists/oss-security/2017/07/14/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 56EXPL: 0CVE-2017-11345
https://notcve.org/view.php?id=CVE-2017-11345
16 Jul 2017 — Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device descriptio... • http://www.openwall.com/lists/oss-security/2017/07/14/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-7269
https://notcve.org/view.php?id=CVE-2014-7269
01 Feb 2015 — ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. Los routers ASUS JAPAN RT-AC87U con firmware 3.0.0.4.378.3754 y anteriores, los routers RT-AC68U con fir... • http://jvn.jp/en/jp/JVN77792759/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-7270
https://notcve.org/view.php?id=CVE-2014-7270
01 Feb 2015 — Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en los routers ASUS JAPAN RT-AC87U con firmware ... • http://jvn.jp/en/jp/JVN32631078/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 37%CPEs: 5EXPL: 2CVE-2013-5948 – Asus RT56U 3.0.0.4.360 - Remote Command Injection
https://notcve.org/view.php?id=CVE-2013-5948
21 Apr 2014 — The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter). La etiqueta Network Analysis (Main_Analysis_Content.asp) en los routers ASUS RT-AC68U y otros series RT con firmware anterior a 3.0.0.4.374.5047 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaracteres d... • https://www.exploit-db.com/exploits/25998 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 2CVE-2014-2925
https://notcve.org/view.php?id=CVE-2014-2925
21 Apr 2014 — Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi. Vulnerabilidad de XSS en Advanced_Wireless_Content.asp en routers ASUS RT-AC68U y otros de la serie RT con firmware anterior a 3.0.0.4.374.5047 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro current_page ... • http://seclists.org/fulldisclosure/2014/Apr/59 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 52EXPL: 1CVE-2014-2719 – ASUS RT Password Disclosure
https://notcve.org/view.php?id=CVE-2014-2719
17 Apr 2014 — Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code. Advanced_System_Content.asp en routers de la serie ASUS RT con firmware anterior a 3.0.0.4.374.5517, cuando una sesión de administrador está activa, permite a usuarios remotos autenticados obtener el nombre de usuario y contraseña del administrador mediante la ... • https://packetstorm.news/files/id/126213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •