21 matches found
CVE-2025-59369
A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized data access. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security...
CVE-2025-59370
A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router Firmware' section on...
CVE-2025-59370
A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router Firmware' section on...
CVE-2025-12003
A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information...
CVE-2025-59372
A path traversal vulnerability has been identified in certain router models. A remote, authenticated attacker could exploit this vulnerability to write files outside the intended directory, potentially affecting device integrity. Refer to the 'Security Update for ASUS Router Firmware' section on...
CVE-2025-59371
An authentication bypass vulnerability has been identified in the IFTTT integration feature. A remote, authenticated attacker could leverage this vulnerability to potentially gain unauthorized access to the device. This vulnerability does not affect Wi-Fi 7 series models. Refer to the 'Security...
CVE-2025-59371
CVE-2025-59371 describes an authentication bypass in the ASUS Router’s IFTTT integration. A remote, authenticated attacker could exploit the flaw to potentially gain unauthorized access to the device. The vulnerability is characterized by a network attack vector with low attack complexity and req...
CVE-2025-59371
An authentication bypass vulnerability has been identified in the IFTTT integration feature. A remote, authenticated attacker could leverage this vulnerability to potentially gain unauthorized access to the device. This vulnerability does not affect Wi-Fi 7 series models. Refer to the 'Security...
CVE-2025-59370
CVE-2025-59370 describes a command injection vulnerability in the ASUS Router component bwdpi. The issue allows remote, authenticated attackers to potentially execute arbitrary commands, leading to the device performing unintended instructions. Affects ASUS Router firmware with a network-based at...
EUVD-2025-199559
A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router Firmware' section on...
CVE-2025-59369
CVE-2025-59369 affects ASUS Router firmware through the bwdpi component, where a SQL injection vulnerability exists. The root cause described across connected docs is improper handling/validation of SQL statements, enabling a remote, authenticated attacker to potentially execute arbitrary SQL que...
CVE-2025-59369
A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized data access. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security...
CVE-2025-59369
A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized data access. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security...
CVE-2025-12003
A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information...
CVE-2025-12003
A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information...
CVE-2025-12003
CVE-2025-12003 describes a path traversal vulnerability in ASUS Router WebDAV that may allow unauthenticated remote attackers to impact device integrity. Multiple connected sources (Red Hat, CNVD, CVE lists) corroborate a WebDAV path traversal affecting ASUS Router, with the ASUS Security Advisor...
PT-2025-48020
A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router Firmware' section on...
PT-2025-48016
Name of the Vulnerable Software and Affected Versions ASUS Router Firmware affected versions not specified Description A stack buffer overflow condition exists in certain router models. An authenticated attacker can trigger this issue by sending a specially crafted request, which may lead to a...
PT-2025-48019
A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized data access. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security...
ASUS routers 安全漏洞
ASUS routers is a router app from ASUS of Taiwan, China. A security vulnerability exists in ASUS routers that stems from a problem with the router firmware's limit on the number of login attempts, which allows remote attackers to attempt an arbitrary number of login attempts by sending a specific...