Asuswrt@* Security Vulnerabilities and Issues — Asuswrt@* CVE List

Lucene search

AsusAsuswrt*

7 matches found

CVE•added 2018/01/22 8:29 p.m.•104 views

CVE-2018-5999

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.

10CVSS9.3AI score0.90925EPSS

CVE•added 2022/08/05 10:15 p.m.•101 views

CVE-2022-26376

A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

9.8CVSS9.5AI score0.0027EPSS

CVE•added 2018/01/22 8:29 p.m.•95 views

CVE-2018-6000

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode...

10CVSS9.3AI score0.90925EPSS

CVE•added 2018/01/31 8:29 p.m.•62 views

CVE-2017-15653

Improper administrator IP validation after his login in the HTTPd server in all current versions (

8.8CVSS8.6AI score0.00319EPSS

CVE•added 2018/01/31 8:29 p.m.•46 views

CVE-2017-15654

Highly predictable session tokens in the HTTPd server in all current versions (

8.3CVSS8.2AI score0.01002EPSS

CVE•added 2018/01/31 8:29 p.m.•46 views

CVE-2017-15655

Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version