CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31889
https://notcve.org/view.php?id=CVE-2023-31889
29 Apr 2024 — An issue discovered in httpd in ASUS RT-AC51U with firmware version up to and including 3.0.0.4.380.8591 allows local attackers to cause a denial of service via crafted GET request. Un problema descubierto en httpd en ASUS RT-AC51U con una versión de firmware hasta 3.0.0.4.380.8591 incluida permite a atacantes locales provocar una denegación de servicio mediante una solicitud GET manipulada. • https://gitlab.com/donnm/cves/-/blob/master/dos_rtac51u_httpd.md • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-28327
https://notcve.org/view.php?id=CVE-2024-28327
26 Apr 2024 — Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings. El router Asus RT-N12+ B1 almacena las contraseñas de los usuarios en texto plano, lo que podría permitir a atacantes locales obtener acceso no autorizado y modificar la configuración del router. • https://github.com/Redfox-Secuirty/Asus-RT--N12-B1-s-Insecure-Credential-Storage-CVE--2024--28327 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-28328
https://notcve.org/view.php?id=CVE-2024-28328
26 Apr 2024 — CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format. La vulnerabilidad de inyección CSV en el router Asus RT-N12+ permite a los usuarios administradores inyectar comandos o fórmulas arbitrarias en el parámetro de nombre del cliente que pueden activarse y ejecutarse en una sesión de usuario diferente al exportar al for... • https://github.com/Redfox-Secuirty/Asus-RT--N12-B1-s-CSV-Injection-CVE--2024--28328 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30804
https://notcve.org/view.php?id=CVE-2024-30804
26 Apr 2024 — An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests. Un problema descubierto en el componente DeviceIoControl en ASUS Fan_Xpert anterior a v.10013 permite a un atacante ejecutar código arbitrario a través de solicitudes IOCTL manipuladas. • https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-30804 • CWE-782: Exposed IOCTL with Insufficient Access Control •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-28325
https://notcve.org/view.php?id=CVE-2024-28325
26 Apr 2024 — Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings. El router Asus RT-N12+ B1 almacena las credenciales en texto plano, lo que podría permitir a atacantes locales obtener acceso no autorizado y modificar la configuración del router. • https://github.com/Redfox-Secuirty/Asus-RT-N12-B1-s-Credentials-Stored-in-Cleartext--CVE--2024--28325 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-28326
https://notcve.org/view.php?id=CVE-2024-28326
26 Apr 2024 — Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root terminal access via the the UART interface. El control de acceso incorrecto en los routers Asus RT-N12+ B1 permite a atacantes locales obtener acceso al terminal raíz a través de la interfaz UART. Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface. • https://github.com/Redfox-Secuirty/Asus-RT--N12-B1-s-Privilege-Escalation--CVE--2024--28326 • CWE-1263: Improper Physical Access Control •
CVSS: 9.0EPSS: 11%CPEs: 3EXPL: 1CVE-2024-1655 – ASUS WiFi Router - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-1655
15 Apr 2024 — Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request. Ciertos modelos de routers WiFi ASUS tienen una vulnerabilidad de inyección de comandos del sistema operativo, lo que permite a un atacante remoto autenticado ejecutar comandos arbitrarios del sistema enviando una solicitud especialmente manipulada. • https://github.com/lnversed/CVE-2024-1655 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26342
https://notcve.org/view.php?id=CVE-2024-26342
28 Feb 2024 — A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet. Una desreferencia de puntero nulo en usr/sbin/httpd en ASUS AC68U 3.0.0.4.384.82230 permite a atacantes remotos activar DoS a través de paquetes de red. • https://github.com/Nicholas-wei/bug-discovery/blob/main/asus/2/ASUS_ac68u.md • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-5716 – ASUS Armoury Crate - Arbitrary File Write
https://notcve.org/view.php?id=CVE-2023-5716
19 Jan 2024 — ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission. ASUS Armory Crate tiene una vulnerabilidad en la escritura de archivos arbitrarios y permite a atacantes remotos acceder o modificar archivos arbitrarios enviando solicitudes HTTP específicas sin permiso. • https://www.twcert.org.tw/tw/cp-132-7666-fffce-1.html • CWE-306: Missing Authentication for Critical Function CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47678
https://notcve.org/view.php?id=CVE-2023-47678
15 Nov 2023 — An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp. Existe una vulnerabilidad de control de acceso inadecuado en todas las versiones del RT-AC87U. Un atacante puede leer o escribir archivos a los que no está previsto acceder conectándose a un dispositivo de destino a través de tftp. • https://jvn.jp/en/vu/JVNVU96079387 • CWE-284: Improper Access Control •