CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3464
https://notcve.org/view.php?id=CVE-2025-3464
16 Jun 2025 — A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on... • https://www.asus.com/content/asus-product-security-advisory • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1533
https://notcve.org/view.php?id=CVE-2025-1533
12 May 2025 — A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefi... • https://www.asus.com/content/asus-product-security-advisory • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3463
https://notcve.org/view.php?id=CVE-2025-3463
09 May 2025 — "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information. "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in AS... • https://www.asus.com/content/asus-product-security-advisory • CWE-295: Improper Certificate Validation •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3462
https://notcve.org/view.php?id=CVE-2025-3462
09 May 2025 — "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information. "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverH... • https://www.asus.com/content/asus-product-security-advisory • CWE-346: Origin Validation Error •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-2027
https://notcve.org/view.php?id=CVE-2025-2027
28 Mar 2025 — A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially crafted local RPC requests, leading to the service crash and potentially memory manipulation in some rare circumstances. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information. A double free vulnerability has been identified in the ASUS System Analysis service. This vulnerability can be triggered by sending specially craft... • https://www.asus.com/content/asus-product-security-advisory • CWE-415: Double Free •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1354
https://notcve.org/view.php?id=CVE-2025-1354
16 Feb 2025 — A vulnerability was found in Asus RT-N12E 2.0.0.19. It has been classified as problematic. Affected is an unknown function of the file sysinfo.asp. The manipulation of the argument SSID leads to cross site scripting. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.295962 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12957
https://notcve.org/view.php?id=CVE-2024-12957
23 Jan 2025 — A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion. Refer to the '01/23/2025 Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. Una vulnerabilidad en el comando de gestión de archivos en ciertas versiones de Armoury Crate puede provocar la eliminación arbitraria de archivos. Consulta la sección "Actualización de seguridad del 23/01/2025 para la aplicación Armoury Crate" en el Aviso de seguridad de A... • https://www.asus.com/content/asus-product-security-advisory • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-55408
https://notcve.org/view.php?id=CVE-2024-55408
06 Jan 2025 — An issue in the AsusSAIO.sys component of ASUS System Analysis IO v1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. Un problema en el componente AsusSAIO.sys de ASUS System Analysis IO v1.0.0 permite a los atacantes realizar acciones de lectura y escritura arbitrarias mediante el suministro de solicitudes IOCTL manipuladas. An improper access control vulnerability in the AsusSAIO.sys driver may lead to the misuse of software functionality utilizing the... • http://asus.com • CWE-862: Missing Authorization •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-11985
https://notcve.org/view.php?id=CVE-2024-11985
04 Dec 2024 — An improper input validation vulnerability leads to device crashes in certain ASUS router models. Refer to the '12/03/2024 ASUS Router Improper Input Validation' section on the ASUS Security Advisory for more information. • https://www.asus.com/content/asus-product-security-advisory • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-42757
https://notcve.org/view.php?id=CVE-2024-42757
15 Aug 2024 — Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. • https://github.com/Nop3z/CVE/blob/main/Asus/FW_RT_N15U_30043763754/FW_RT_N15U_30043763754%20RCE.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •