338 matches found
EUVD-2026-44584
Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...
CVE-2026-11851
CVE-2026-11851 is an SQL Injection vulnerability in the web management interface of certain ASUS router models. The root cause is improper neutralization of special elements in SQL commands. It can be exploited by a remote authenticated attacker with high privileges, without user interaction, to ...
CVE-2026-12960
An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...
EUVD-2026-41482
An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...
CVE-2026-12960
CVE-2026-12960 affects the ASUS Router Android app. The issue is an Improper Export of Android Application Components, where a local third-party app on the same device can send a crafted Intent that causes the ASUS Router App to open a specified URL. CVSS metrics indicate local access, low comple...
CVE-2026-12960
An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...
CVE-2026-12960
An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...
Exploit for CVE-2024-12912
Origasus origasus.go ile derlenen, ASUS AiCloud / AsusWRT i...
CVE-2025-15101
An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisor...
CVE-2025-15101
An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisor...
CVE-2025-15101
An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisor...
CVE-2025-15101
The CVE-2025-15101 entry describes a CSRF vulnerability in the web management interface of certain ASUS routers. Affected component: the web management UI; underlying cause is CSRF that allows actions with the privileges of an authenticated user, potentially enabling execution of system commands ...
CVE-2025-15101
An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisor...
CVE-2025-15101
An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisor...
ASUS Router 安全漏洞
ASUS Router is a router app developed by ASUS Corporation in China. ASUS Router has a security vulnerability, which stems from a cross-site request forgeing vulnerability in the web management interface. This vulnerability may allow operations to be performed with the existing permissions of...
PT-2026-28188
Name of the Vulnerable Software and Affected Versions ASUS routers affected versions not specified Description A Cross-Site Request Forgery CSRF issue exists in the Web management interface of ASUS routers. This allows actions to be performed with the privileges of an authenticated user. This...
📄 ASUS Router Multi-Stage Command Injection
A multi‑stage command injection vulnerability allows an attacker to achieve remote command execution on a vulnerable ASUS router by abusing the SETROOTCERTIFICATE and APPLYAPP HTTP methods. In the first stage, a malicious shell script is uploaded to the target system disguised as a certificate fi...
CVE-2023-31195
ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted 'http' connection, t...
CVE-2025-59369
A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized data access. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security...
CVE-2025-59370
A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router Firmware' section on...