cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2018-20333,https://securityvulnerability.io/vulnerability/CVE-2018-20333,Information Disclosure Vulnerability in ASUSWRT by ASUS,"An information disclosure vulnerability has been identified in ASUSWRT, allowing unauthenticated users to access sensitive information through the /update_applist.asp endpoint. This flaw enables malicious actors to determine if a USB device is connected to the router and to enumerate installed applications, potentially compromising the security and privacy of the device and its users.",Asus,Asuswrt,7.5,HIGH,0.005169999785721302,false,,false,false,false,,,false,false,,2020-03-20T00:11:15.000Z,0
CVE-2018-20335,https://securityvulnerability.io/vulnerability/CVE-2018-20335,DoS Vulnerability in ASUSWRT by ASUS,"A vulnerability has been identified in ASUSWRT, specifically in version 3.0.0.4.384.20308, which allows an unauthenticated user to exploit the system. By sending a crafted request to the /APP_Installation.asp?= URI, an attacker can trigger a denial of service (DoS) condition on the httpd service. This can lead to service unavailability, affecting users' ability to access the router's web interface and hindering the overall functionality of the device.",Asus,Asuswrt,7.5,HIGH,0.0014799999771639705,false,,false,false,false,,,false,false,,2020-03-20T00:11:09.000Z,0
CVE-2018-20334,https://securityvulnerability.io/vulnerability/CVE-2018-20334,Command Injection Vulnerability in ASUSWRT Router Software by ASUS,"A command injection vulnerability has been identified in ASUSWRT, specifically in the processing of the POST data from the /start_apply.htm endpoint. This issue arises when shell metacharacters are manipulated in the fb_email parameter, allowing attackers to execute arbitrary commands on the router. Successful exploitation grants an unauthorized user control over the affected device, posing significant security risks to the network.",Asus,Asuswrt,9.8,CRITICAL,0.18549999594688416,false,,false,false,false,,,false,false,,2020-03-20T00:11:06.000Z,0
CVE-2018-20336,https://securityvulnerability.io/vulnerability/CVE-2018-20336,Stack-Based Buffer Overflow in ASUSWRT Router Firmware,"A stack-based buffer overflow vulnerability exists in the parse_req_queries function within the wanduck.c file of ASUSWRT version 3.0.0.4.384.20308. The flaw is triggered by processing a long string over UDP, potentially leading to an information leak that could be exploited by attackers to gain unauthorized access to sensitive information.",Asus,Asuswrt-merlin,7.5,HIGH,0.005109999794512987,false,,false,false,false,,,false,false,,2019-09-17T15:51:33.000Z,0
CVE-2017-15656,https://securityvulnerability.io/vulnerability/CVE-2017-15656,,Passwords are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.,Asus,Asuswrt,8.8,HIGH,0.00139999995008111,false,,false,false,false,,,false,false,,2018-01-31T20:00:00.000Z,0
CVE-2017-15655,https://securityvulnerability.io/vulnerability/CVE-2017-15655,,"Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time. This vulnerability allows for RCE with administrator rights when the administrator visits several pages.",Asus,Asuswrt,9.6,CRITICAL,0.005890000145882368,false,,false,false,false,,,false,false,,2018-01-31T20:00:00.000Z,0
CVE-2017-15653,https://securityvulnerability.io/vulnerability/CVE-2017-15653,,Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.,Asus,Asuswrt,8.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2018-01-31T20:00:00.000Z,0
CVE-2017-15654,https://securityvulnerability.io/vulnerability/CVE-2017-15654,,Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.,Asus,Asuswrt,8.3,HIGH,0.004019999876618385,false,,false,false,false,,,false,false,,2018-01-31T20:00:00.000Z,0
CVE-2018-5999,https://securityvulnerability.io/vulnerability/CVE-2018-5999,,"An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.",Asus,Asuswrt,9.8,CRITICAL,0.25534000992774963,false,,false,false,true,2018-01-22T14:44:02.000Z,true,false,false,,2018-01-22T20:00:00.000Z,0
CVE-2018-6000,https://securityvulnerability.io/vulnerability/CVE-2018-6000,,"An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.",Asus,Asuswrt,9.8,CRITICAL,0.053679998964071274,false,,false,false,true,2018-01-22T14:44:02.000Z,true,false,false,,2018-01-22T20:00:00.000Z,0