CVE-2020-15498
https://notcve.org/view.php?id=CVE-2020-15498
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files. Se detectó un problema en los enrutadores ASUS RT-AC1900P versiones anteriores a 3.0.0.4.385_20253. El enrutador acepta un certificado de servidor arbitrario para una actualización de firmware. • https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=27440 • CWE-295: Improper Certificate Validation •
CVE-2020-15499
https://notcve.org/view.php?id=CVE-2020-15499
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page. Se detectó un problema en los enrutadores ASUS RT-AC1900P versiones anteriores a 3.0.0.4.385_20253. Permiten un ataque de tipo XSS por medio de Release Notes falsificadas en la página Firmware Upgrade • https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=27440 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-15009
https://notcve.org/view.php?id=CVE-2020-15009
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. Los archivos AsusScreenXpertServicec.exe y ScreenXpertUpgradeServiceManager.exe en ScreenPad2_Upgrade_Tool.msi versión V1.0.3 para PCs ASUS con ScreenPad versión 1.0 (UX450FDX, UX550GDX y UX550GEX), podrían conllevar a una ejecución de código sin firmar sin restricciones adicionales cuando un usuario coloca una aplicación en una ruta particular con un nombre de archivo particular • https://drive.google.com/file/d/1ClzHH5Jw3PgZw74RvKrEP8xU0TUc5Ta0/view?usp=sharing https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory https://www.asus.com/support/FAQ/1043674 • CWE-426: Untrusted Search Path •
CVE-2020-12695 – hostapd: UPnP SUBSCRIBE misbehavior in WPS AP
https://notcve.org/view.php?id=CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. La especificación UPnP de Open Connectivity Foundation antes del 17-04-2020 no prohíbe la aceptación de una petición de suscripción con una URL de entrega en un segmento de red diferente a la URL de suscripción de evento totalmente calificada, también se conoce como el problema de CallStranger • https://github.com/yunuscadirci/CallStranger http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html http://www.openwall.com/lists/oss-security/2020/06/08/2 https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek https://github.com/corelight/callstranger-detector https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html https://lists.debian.org/debian-l • CWE-276: Incorrect Default Permissions CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2019-17603 – ASUS Aura Sync 1.07.71 Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-17603
Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate input to IOCTL 0x80102044, 0x80102050, and 0x80102054, which allows local users to cause a denial of service (system crash) or gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption. La biblioteca Ene.sys en Asus Aura Sync versiones hasta 1.07.71, no comprueba apropiadamente la entrada a IOCTL 0x80102044, 0x80102050 y 0x80102054, lo que permite a usuarios locales causar una denegación de servicio (bloqueo del sistema) o alcanzar privilegios por medio de peticiones IOCTL que usan direcciones de kernel diseñadas que desencadenan una corrupción de memoria. • http://packetstormsecurity.com/files/158221/ASUS-Aura-Sync-1.07.71-Privilege-Escalation.html https://zer0-day.pw/2020-06/asus-aura-sync-stack-based-buffer-overflow • CWE-787: Out-of-bounds Write •