CVSS: 10.0EPSS: 2%CPEs: 8EXPL: 0CVE-2024-3912 – ASUS Router - Upload arbitrary firmware
https://notcve.org/view.php?id=CVE-2024-3912
14 Jun 2024 — Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device. Ciertos modelos de enrutadores ASUS tienen una vulnerabilidad de carga de firmware arbitraria. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para ejecutar comandos arbitrarios del sistema en el dispositivo. • https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 32EXPL: 0CVE-2017-14698
https://notcve.org/view.php?id=CVE-2017-14698
29 Jan 2018 — ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp. Los routers ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U y DSL-AC750 permiten ... • https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 32EXPL: 0CVE-2017-14699
https://notcve.org/view.php?id=CVE-2017-14699
29 Jan 2018 — Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request. Múltiples vulnerabilidades de XEE (XML External Entity) en la característica AiCloud en routers ASUS DSL-AC51, DS... • https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS • CWE-611: Improper Restriction of XML External Entity Reference •