CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41348 – ASUS RT-AX55 - command injection - 4
https://notcve.org/view.php?id=CVE-2023-41348
03 Nov 2023 — ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. La función relacionada con la autenticación de ASUS RT-AX55 tiene una vulnerabilidad de filtrado insuficiente de caracteres especiales dentro de su módulo de autenticación de código. ... • https://www.twcert.org.tw/tw/cp-132-7499-63907-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41347 – ASUS RT-AX55 - command injection - 3
https://notcve.org/view.php?id=CVE-2023-41347
03 Nov 2023 — ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. La función relacionada con la autenticación de ASUS RT-AX55 tiene una vulnerabilidad de filtrado insuficiente de caracteres especiales dentro de su módulo de token de verificación. Un atacant... • https://www.twcert.org.tw/tw/cp-132-7498-18012-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41346 – ASUS RT-AX55 - command injection - 2
https://notcve.org/view.php?id=CVE-2023-41346
03 Nov 2023 — ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. La función relacionada con la autenticación de ASUS RT-AX55 tiene una vulnerabilidad de filtrado insuficiente de caracteres especiales dentro de su módulo de actualización de token. Un atac... • https://www.twcert.org.tw/tw/cp-132-7497-f92ac-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41345 – ASUS RT-AX55 - command injection - 1
https://notcve.org/view.php?id=CVE-2023-41345
03 Nov 2023 — ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services. La función relacionada con la autenticación de ASUS RT-AX55 tiene una vulnerabilidad de filtrado insuficiente de caracteres especiales dentro de su módulo generado por token. Un atacante... • https://www.twcert.org.tw/tw/cp-132-7496-96e2c-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 6CVE-2023-39780
https://notcve.org/view.php?id=CVE-2023-39780
11 Sep 2023 — ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability. Se descubrió que ASUS RT-AX55 v3.0.0.4.386.51598 contenía una vulnerabilidad de inyección de comandos autenticados. • https://github.com/D2y6p/CVE/blob/main/asus/CVE-2023-39780/1/EN.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 1CVE-2022-26376
https://notcve.org/view.php?id=CVE-2022-26376
05 Aug 2022 — A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Se presenta una vulnerabilidad de corrupción de memoria en la funcionalidad httpd unescape de Asuswrt versiones anteriores a 3.0.0.4.386_48706 y Asuswrt-Merlin New Gen versiones anteriores a 386.7. Una petición HTTP esp... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1511 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 2%CPEs: 108EXPL: 0CVE-2021-3128
https://notcve.org/view.php?id=CVE-2021-3128
12 Apr 2021 — In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for wh... • https://www.asus.com/Networking-IoT-Servers/Whole-Home-Mesh-WiFi-System/ZenWiFi-WiFi-Systems/ASUS-ZenWiFi-AX-XT8-/HelpDesk_BIOS • CWE-834: Excessive Iteration •