CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31195
https://notcve.org/view.php?id=CVE-2023-31195
13 Jun 2023 — ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked. • https://jvn.jp/en/jp/JVN34232595 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 10.0EPSS: 4%CPEs: 38EXPL: 0CVE-2021-41435
https://notcve.org/view.php?id=CVE-2021-41435
19 Nov 2021 — A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.... • http://asus.com • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.8EPSS: 4%CPEs: 38EXPL: 0CVE-2021-41436
https://notcve.org/view.php?id=CVE-2021-41436
19 Nov 2021 — An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. Un contrabando de... • http://asus.com • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.3EPSS: 2%CPEs: 10EXPL: 1CVE-2021-37910 – ASUS GT-AXE11000, RT-AX3000, RT-AX55, RT-AX58U, TUF-AX3000 - Improper Authentication
https://notcve.org/view.php?id=CVE-2021-37910
12 Nov 2021 — ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames. El protocolo de acceso protegido Wi-Fi de los routers ASUS (WPA2 y WPA3-SAE), presenta un control inapropiado de la vulnerabilidad de la frecuencia de interacción, un atacante no autenticado puede desconectar remotamente las conexiones de otros usuarios... • https://github.com/efchatz/easy-exploits • CWE-799: Improper Control of Interaction Frequency •
CVSS: 7.5EPSS: 2%CPEs: 108EXPL: 0CVE-2021-3128
https://notcve.org/view.php?id=CVE-2021-3128
12 Apr 2021 — In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for wh... • https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS • CWE-834: Excessive Iteration •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-3229
https://notcve.org/view.php?id=CVE-2021-3229
05 Feb 2021 — Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error. Una denegación de servicio en ASUSWRT ASUS RT-AX3000 versiones de firmware 3.0.0.4.384_10177 y anteriores, permiten a un atacante interrumpir el uso de los servicios de configuración del dispositivo por medio de un error de inicio de sesión continuo • https://github.com/fullbbadda1208/CVE-2021-3229 •