
asus rt ac86u firmware

21 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-39240
all versions
It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by
7.2 HIGH
CVE-2023-39239
all versions
It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacki
7.2 HIGH
CVE-2023-39238
all versions
It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a speci
7.2 HIGH
CVE-2023-39237
all versions
ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with re
8.8 HIGH
CVE-2023-39236
all versions
ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regula
8.8 HIGH
CVE-2023-38033
all versions
ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker
8.8 HIGH
CVE-2023-38032
all versions
ASUS RT-AC86U AiProtection security-related function has insufficient filtering of special character. A remote attacker with regul
8.8 HIGH
CVE-2023-38031
all versions
ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular
8.8 HIGH
CVE-2023-35087
all versions
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation
9.8 CRITICAL
CVE-2023-35086
all versions
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using inpu
7.2 HIGH
CVE-2023-28703
all versions
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network
7.2 HIGH
CVE-2023-28702
all versions
ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privilege
8.8 HIGH
CVE-2021-43702
all versions
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI
9.0 CRITICAL
CVE-2022-25597
all versions
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticat
8.8 HIGH
CVE-2022-25596
all versions
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the dec
8.8 HIGH
CVE-2022-25595
all versions
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sen
6.5 MEDIUM
CVE-2021-3128
< 3.0.0.4.386.42095
In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, wh
7.5 HIGH
CVE-2018-18320
<= 380.70
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands b
9.8 CRITICAL
CVE-2018-18319
<= 380.70
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands b
9.8 CRITICAL
CVE-2018-8826
all versions
ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1,
9.8 CRITICAL
CVE-2018-9285
< 3.0.0.4.384.10007
Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 device
9.8 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin