CVSS: 7.5EPSS: 1%CPEs: 108EXPL: 0CVE-2021-3128
https://notcve.org/view.php?id=CVE-2021-3128
12 Apr 2021 — In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for wh... • https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS • CWE-834: Excessive Iteration •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15498
https://notcve.org/view.php?id=CVE-2020-15498
26 Aug 2020 — An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files. Se detectó un problema en los enrutadores ASUS RT-AC1900P versiones anteriores a 3.0.0.4.385_20253. El enrutador acepta un certificado de servidor arbitrario para una actualización de firmware. • https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=27440 • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15499
https://notcve.org/view.php?id=CVE-2020-15499
26 Aug 2020 — An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page. Se detectó un problema en los enrutadores ASUS RT-AC1900P versiones anteriores a 3.0.0.4.385_20253. Permiten un ataque de tipo XSS por medio de Release Notes falsificadas en la página Firmware Upgrade • https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=27440 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •