VulnCheck KEV: CVE-2018-6000

An issue was discovered in AsusWRT before 3.0.0.4.38410007. The dovpnuploadpost function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon or enable infosvr command mode,...

EUVD-2018-12891

Malware in sbrugna...

EUVD-2017-7104

Malware in sbrugna...

EUVD-2018-12892

Malware in sbrugna...

EUVD-2018-12893

Malware in sbrugna...

EUVD-2022-30935

Malicious code in bioql PyPI...

CVE-2021-3229

Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.38410177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error...

CVE-2018-20335

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APPInstallation.asp?= URI...

CVE-2018-20333

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /updateapplist.asp to see if a USB device is attached to the router and if there are apps installed on the router...

VulnCheck KEV: CVE-2018-20334

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /startapply.htm POST data, there is a command injection issue via shell metacharacters in the fbemail parameter. By using this issue, an attacker can control the router and get shell...

PT-2022-6671 · Asus · Asuswrt

Name of the Vulnerable Software and Affected Versions: Asuswrt versions prior to 3.0.0.4.386 48706 Asuswrt-Merlin New Gen versions prior to 386.7 Description: A memory corruption issue exists in the httpd unescape functionality. This can be triggered by a specially-crafted HTTP request, leading t...

Asus ASUSWRT Information Disclosure (CVE-2018-14713)

An information disclosure vulnerability exists in Asus ASUSWRT. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...

Stack overflow

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parsereqqueries function in wanduck.c via a long string over UDP, which may lead to an information leak...

ASUSWRT Device Unauthenticated Modified Configuration Vulnerability

ASUS AsusWRT is a set of router operating systems from ASUS. A security vulnerability exists in the 'dovpnuploadpost' function in the router/httpd/web.c file of the vpnupload.cgi file in versions prior to ASUS AsusWRT 3.0.0.4.38410007. An attacker can exploit this vulnerability by sending a...

AsusWRT router/httpd/httpd.c file access bypass vulnerability

ASUS AsusWRT is a set of router operating systems from ASUS. A security vulnerability exists in the 'handlerequest' function of the router/httpd/httpd.c file in versions prior to ASUS AsusWRT 3.0.0.4.38410007. An attacker can exploit this vulnerability to execute a POST request...