CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0CVE-2013-3093
https://notcve.org/view.php?id=CVE-2013-3093
ASUS RT-N56U devices allow CSRF. Los dispositivos ASUS RT-N56U, permiten un ataque de tipo CSRF. • https://www.securityfocus.com/archive/1/531194 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-7997
https://notcve.org/view.php?id=CVE-2020-7997
ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature. Los dispositivos ASUS WRT-AC66U 3 RT versión 3.0.0.4.372_67, permiten un ataque de tipo XSS por medio del campo Client Name en la funcionalidad Parental Control. • https://gist.github.com/adeshkolte/983bcadd82cc1fd60333098eb646ef68 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2018-8879
https://notcve.org/view.php?id=CVE-2018-8879
Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id. Un desbordamiento de búfer en la región stack de la memoria en el firmware Asuswrt-Merlin para dispositivos ASUS versiones anteriores a 384.4 y el firmware ASUS versiones anteriores a 3.0.0.4.382.50470 para dispositivos, permite a atacantes remotos ejecutar código arbitrario al proporcionar una cadena larga en la página block.asp por medio de una petición GET o POST. Los parámetros vulnerables son flag, mac y cat_id. • https://pagedout.institute/download/PagedOut_001_beta1.pdf https://www.asus.com/Networking/RTAC66U/HelpDesk_BIOS • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0CVE-2018-9285 – ASUS TM-AC1900 Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2018-9285
Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable. Main_Analysis_Content.asp en /apply.cgi en dispositivos ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900 y en dispositivos RT-AC3100 en versiones anteriores a la 3.0.0.4.384_10007; dispositivos RT-N18U en versiones anteriores a la 3.0.0.4.382.39935; dispositivos RT-AC87U y RT-AC3200 en versiones anteriores a la 3.0.0.4.382.50010; y dispositivos RT-AC5300 en versiones anteriores a la 3.0.0.4.384.20287 permite la inyección de comandos del sistema operativo mediante los campos pingCNT y destIP de la variable SystemCmd. • http://packetstormsecurity.com/files/160049/ASUS-TM-AC1900-Arbitrary-Command-Execution.html https://fortiguard.com/zeroday/FG-VD-17-216 https://www.fortinet.com/blog/threat-research/fortiguard-labs-discovers-vulnerability-in-asus-router.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 3%CPEs: 56EXPL: 1CVE-2017-11420
https://notcve.org/view.php?id=CVE-2017-11420
Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list. Un desbordamiento de búfer en la región stack de la memoria en el archivo ASUS_Discovery.c en componente networkmap en firmware Asuswrt-Merlin para dispositivos ASUS y firmware ASUS para dispositivos ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, y RT-N300, permiten que los atacantes remotos ejecuten código arbitrario por medio de información de dispositivo larga que es manejada inapropiadamente durante un strcat en una lista de dispositivos. • http://www.openwall.com/lists/oss-security/2017/07/13/1 https://asuswrt.lostrealm.ca/changelog • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •