Page 43 of 265 results (0.011 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en ASUS RT-AC87U con versión de firmware anterior a la 3.0.0.4.378.9383, permite que los atacantes remotos inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://jvn.jp/en/jp/JVN33901663/index.html https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 8%CPEs: 26EXPL: 0

ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors. Los routers ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13 y RT-N12 D1 con firmware anterior a 3.0.0.4.380.8228; los routers RT-AC52U B1, RT-AC1200 y RT-N600 con firmware anterior a 3.0.0.4.380.10446; los routers RT-AC55U y RT-AC55UHP con firmware anterior a 3.0.0.4.382.50276; los routers RT-AC86U y RT-AC2900 con firmware anterior a 3.0.0.4.384.20648; y posiblemente otros routers de la serie RT, permiten que atacantes remotos ejecuten código arbitrario mediante vectores sin especificar. • https://www.asus.com/Networking/RT-AC2900/HelpDesk_BIOS https://www.asus.com/Networking/RT-AC52U-B1/HelpDesk_BIOS https://www.asus.com/ca-en/Networking/RT-N600/HelpDesk_Download https://www.asus.com/sg/Networking/RT-AC58U/HelpDesk_BIOS https://www.asus.com/us/Networking/RT-AC1200/HelpDesk_BIOS https://www.asus.com/us/Networking/RT-AC1750/HelpDesk_BIOS https://www.asus.com/us/Networking/RT-AC86U/HelpDesk_BIOS https://www.asus.com/us/Networking/RT-ACRH13/HelpDesk_BIOS • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable. Main_Analysis_Content.asp en /apply.cgi en dispositivos ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900 y en dispositivos RT-AC3100 en versiones anteriores a la 3.0.0.4.384_10007; dispositivos RT-N18U en versiones anteriores a la 3.0.0.4.382.39935; dispositivos RT-AC87U y RT-AC3200 en versiones anteriores a la 3.0.0.4.382.50010; y dispositivos RT-AC5300 en versiones anteriores a la 3.0.0.4.384.20287 permite la inyección de comandos del sistema operativo mediante los campos pingCNT y destIP de la variable SystemCmd. • http://packetstormsecurity.com/files/160049/ASUS-TM-AC1900-Arbitrary-Command-Execution.html https://fortiguard.com/zeroday/FG-VD-17-216 https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in-asus-router.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter. Los dispositivos ASUS RT-N14UHP, en versiones anteriores a la 3.0.0.4.380.8015, tienen una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en el parámetro "flag". • https://iscouncil.blogspot.com/2018/03/asus-rt-n14uhp-cross-site-scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 32EXPL: 0

Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request. Múltiples vulnerabilidades de XEE (XML External Entity) en la característica AiCloud en routers ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U y DSL-AC750 permiten que usuarios autenticados remotos lean archivos arbitrarios mediante un DTD manipulado en una petición (1) UPDATEACCOUNT o (2) PROPFIND. • https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers • CWE-611: Improper Restriction of XML External Entity Reference •