CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-11985
https://notcve.org/view.php?id=CVE-2024-11985
04 Dec 2024 — An improper input validation vulnerability leads to device crashes in certain ASUS router models. Refer to the '12/03/2024 ASUS Router Improper Input Validation' section on the ASUS Security Advisory for more information. • https://www.asus.com/content/asus-product-security-advisory • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 70%CPEs: 7EXPL: 0CVE-2024-3080 – ASUS Router - Improper Authentication
https://notcve.org/view.php?id=CVE-2024-3080
14 Jun 2024 — Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device. Ciertos modelos de enrutadores ASUS tienen una vulnerabilidad de omisión de autenticación, lo que permite a atacantes remotos no autenticados iniciar sesión en el dispositivo. • https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-3079 – ASUS Router - Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-3079
14 Jun 2024 — Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device. Ciertos modelos de enrutadores ASUS tienen vulnerabilidades de desbordamiento de búfer, lo que permite a atacantes remotos con privilegios administrativos ejecutar comandos arbitrarios en el dispositivo. • https://www.twcert.org.tw/en/cp-139-7858-3c978-2.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 11%CPEs: 3EXPL: 1CVE-2024-1655 – ASUS WiFi Router - OS Command Injection
https://notcve.org/view.php?id=CVE-2024-1655
15 Apr 2024 — Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request. Ciertos modelos de routers WiFi ASUS tienen una vulnerabilidad de inyección de comandos del sistema operativo, lo que permite a un atacante remoto autenticado ejecutar comandos arbitrarios del sistema enviando una solicitud especialmente manipulada. • https://github.com/lnversed/CVE-2024-1655 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •