cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12957,https://securityvulnerability.io/vulnerability/CVE-2024-12957,File Handling Command Vulnerability in Armoury Crate by ASUS,"A vulnerability exists in certain versions of the Armoury Crate application developed by ASUS, which allows for arbitrary file deletion due to improper handling of file commands. This flaw could be exploited to manipulate or delete important files without user consent, raising significant security concerns for affected systems. For detailed information and recommended mitigations, please refer to the official ASUS Security Advisory.",Asus,Armoury Crate,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T09:41:12.337Z,0
CVE-2024-13062,https://securityvulnerability.io/vulnerability/CVE-2024-13062,Unintended Entry Point Vulnerability in ASUS Routers,"An unintended entry point has been found in various ASUS router models, potentially enabling arbitrary command execution. This vulnerability can be exploited by an attacker to execute commands on the device, which poses a serious risk to network integrity and security. Users are encouraged to check for firmware updates and apply security patches as advised in the ASUS Security Advisory to mitigate potential risks.",Asus,Router,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T09:09:45.871Z,0
CVE-2024-12912,https://securityvulnerability.io/vulnerability/CVE-2024-12912,Improper Input Insertion Vulnerability in AiCloud for ASUS Routers,"An improper input insertion vulnerability within the AiCloud feature of specific ASUS router models has been identified. This flaw can potentially allow an attacker to execute arbitrary commands on the affected devices, which poses a significant security risk. Users of ASUS routers are encouraged to review the associated security advisory for patches and mitigations to protect their systems from exploitation.",Asus,Router,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T09:05:50.239Z,202
CVE-2024-3912,https://securityvulnerability.io/vulnerability/CVE-2024-3912,ASUS Routers Vulnerable to Arbitrary Firmware Upload Attack,"ASUS routers are susceptible to an arbitrary firmware upload vulnerability that could allow an unauthenticated remote attacker to exploit the device. By leveraging this vulnerability, attackers may execute arbitrary system commands, potentially gaining control over the affected device. Users of ASUS routers are encouraged to apply security updates and follow best practices to mitigate the risk associated with this vulnerability. Ensure the latest firmware is installed to protect against unauthorized access and maintain overall device security.",Asus,"Dsl-n17u,Dsl-n55u C1,Dsl-n55u D1,Dsl-n66u,Dsl-n12u C1,Dsl-n12u D1,Dsl-n14u,Dsl-n14u B1,Dsl-n16,Dsl-ac51,Dsl-ac750,Dsl-ac52u,Dsl-ac55u,Dsl-ac56u,Dsl-n10 C1,Dsl-n10 D1,Dsl-n10p C1,Dsl-n12e C1,Dsl-n16p,Dsl-n16u,Dsl-ac52,Dsl-ac55",9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-14T09:29:00.161Z,0
CVE-2024-31163,https://securityvulnerability.io/vulnerability/CVE-2024-31163,Buffer Overflow Vulnerability in ASUS Download Master Allows Arbitrary System Command Execution,"ASUS Download Master is vulnerable to a buffer overflow attack, which can be exploited by an unauthenticated remote attacker holding administrative privileges. This weakness allows attackers to execute arbitrary system commands on the affected device, posing a significant security threat. Users and administrators of ASUS Download Master should take immediate action to assess their systems and apply necessary mitigations to safeguard against potential exploitation.",Asus,Download Master,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-14T06:52:50.331Z,0
CVE-2024-31162,https://securityvulnerability.io/vulnerability/CVE-2024-31162,ASUS Download Master Vulnerability Allows Arbitrary System Command Execution,"The vulnerability in ASUS Download Master arises from inadequate filtering of user input in a specific function parameter. This flaw allows an unauthenticated remote attacker with administrative privileges to exploit the weakness, leading to the execution of arbitrary system commands on the affected device. As a result, this vulnerability poses significant risks, particularly for users relying on this application for file management and sharing. Users are encouraged to apply security patches and follow best practices to mitigate potential security breaches.",Asus,Download Master,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-14T06:35:07.192Z,0
CVE-2024-31161,https://securityvulnerability.io/vulnerability/CVE-2024-31161,ASUS Download Master Upload Vulnerability Allows Remote Execution of Arbitrary System Commands,"The upload functionality in ASUS Download Master is improperly handling user inputs, which allows remote attackers with administrative privileges to exploit this vulnerability. By taking advantage of inadequate input filtering, attackers can upload arbitrary files to any location within the system. This includes the potential to upload malicious files to the website directory, enabling them to execute arbitrary system commands when users browse the compromised webpage. Such security oversights highlight the importance of robust input validation and secure file handling procedures to mitigate these risks.",Asus,Download Master,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-14T03:53:51.560Z,0
CVE-2024-3080,https://securityvulnerability.io/vulnerability/CVE-2024-3080,ASUS Router Authentication Bypass Vulnerability Allows Unauthorized Access,"The ASUS Router Authentication Bypass Vulnerability, tracked as CVE-2024-3080, affects several popular ASUS router models, allowing unauthenticated remote attackers to gain access to the device's configuration. ASUS has issued security updates to address this critical flaw, with a CVSS score of 9.8, urging users to promptly apply the patches. The affected models include ZenWiFi XT8, RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, and RT-AC68U. Failure to update the firmware could lead to remote exploitation and unauthorized access, highlighting the urgency for users to take action and apply the necessary security measures.",Asus,"Zenwifi Xt8,Zenwifi Xt8 V2,Rt-ax88u,Rt-ax58u,Rt-ax57,Rt-ac86u,Rt-ac68u",9.8,CRITICAL,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-06-14T02:57:27.002Z,854
CVE-2024-3079,https://securityvulnerability.io/vulnerability/CVE-2024-3079,Buffer Overflow Vulnerabilities Affect ASUS Routers,"Certain models of ASUS routers exhibit buffer overflow vulnerabilities, which enable remote attackers with administrative access to execute arbitrary commands on the device. This vulnerability can severely compromise the security of the routers and the network they serve, allowing unauthorized access and potential control of connected devices.",Asus,"Zenwifi Xt8,Zenwifi Xt8 V2,Rt-ax88u,Rt-ax58u,Rt-ax57,Rt-ac86u,Rt-ac68u",7.2,HIGH,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-06-14T02:32:21.718Z,0
CVE-2024-0401,https://securityvulnerability.io/vulnerability/CVE-2024-0401,ASUS Routers Vulnerable to Code Execution Flaw,"ASUS routers that support custom OpenVPN profiles are exposed to a serious code execution vulnerability. An authenticated remote attacker can exploit this flaw by uploading a specially crafted OVPN profile, which allows them to execute arbitrary operating system commands. This risk affects various models, including the ASUS ExpertWiFi and several RT series routers. Organizations using these devices should take immediate precautions to mitigate potential exploitation.",Asus,"Expertwifi,Rt-ax55,Rt-ax58u,Rt-ac67u,Rt-ac68r,Rt-ac68u,Rt-ax86 Series,Rt-ac86u,Rt-ax88u,Rt-ax3000",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-20T16:55:18.891Z,0
CVE-2024-1655,https://securityvulnerability.io/vulnerability/CVE-2024-1655,ASUS WiFi Routers Vulnerable to OS Command Injection Attacks,"ASUS WiFi routers are susceptible to an OS Command Injection vulnerability that enables an authenticated remote attacker to execute arbitrary system commands. This is achieved by sending specially crafted requests that exploit this security weakness. The vulnerability poses a significant risk to users as it allows for unauthorized access to the system, potentially leading to further exploitation of the devices.",Asus,"Expertwifi Ebm63,Expertwifi Ebm68,Rt-ax57 Go",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-15T04:01:43.203Z,0
CVE-2023-5716,https://securityvulnerability.io/vulnerability/CVE-2023-5716,ASUS Armoury Crate - Arbitrary File Write,"ASUS Armoury Crate is susceptible to an arbitrary file write vulnerability that permits remote attackers to upload or modify files on affected systems without adequate permissions. This vulnerability can be exploited by sending specially crafted HTTP requests, leading to unauthorized access to sensitive files. The potential impact of this vulnerability underscores the necessity for users to monitor their systems for exploitation attempts and apply recommended security updates promptly.",Asus,Armoury Crate,9.8,CRITICAL,0.002369999885559082,false,,false,false,false,,,false,false,,2024-01-19T03:07:46.663Z,0
CVE-2023-47005,https://securityvulnerability.io/vulnerability/CVE-2023-47005,Remote Code Execution Vulnerability in ASUS RT-AX57 Router,"A vulnerability in the ASUS RT-AX57 router allows remote attackers to execute arbitrary code. This issue arises from improper handling of the 'lan_ifname' field in a specific function, which can be exploited through crafted requests. Users should ensure that their firmware is up-to-date to mitigate potential risks.",Asus,Rt-ax57 Firmware,9.8,CRITICAL,0.01,false,,false,false,false,,,false,false,,2023-11-09T01:15:00.000Z,0
CVE-2023-47007,https://securityvulnerability.io/vulnerability/CVE-2023-47007,Remote Code Execution Vulnerability in ASUS RT-AX57,"A vulnerability in the ASUS RT-AX57 router allows a remote attacker to execute arbitrary code by sending a specially crafted request targeting the lan_ifname field. This flaw can compromise the integrity and security of the device, potentially allowing unauthorized access and control over network operations.",Asus,Rt-ax57 Firmware,9.8,CRITICAL,0.01,false,,false,false,false,,,false,false,,2023-11-09T01:15:00.000Z,0
CVE-2023-47006,https://securityvulnerability.io/vulnerability/CVE-2023-47006,Remote Code Execution Flaw in ASUS RT-AX57 Router,"A remote code execution vulnerability exists in the ASUS RT-AX57 router, allowing attackers to execute arbitrary code. The issue arises from improper handling of the 'lan_ipaddr' field in the sub_6FC74 function. By sending specially crafted requests to the affected device, an attacker could gain unauthorized access, posing significant security risks to network integrity.",Asus,Rt-ax57 Firmware,9.8,CRITICAL,0.01,false,,false,false,false,,,false,false,,2023-11-09T01:15:00.000Z,0
CVE-2023-47008,https://securityvulnerability.io/vulnerability/CVE-2023-47008,Remote Code Execution Flaw in ASUS RT-AX57 Router,"A vulnerability in ASUS RT-AX57 version 3.0.0.4_386_52041 allows remote attackers to execute arbitrary code. This vulnerability is exploited through a crafted request to the ifname field within the sub_4CCE4 function, potentially compromising the security of the affected device.",Asus,Rt-ax57 Firmware,9.8,CRITICAL,0.01,false,,false,false,false,,,false,false,,2023-11-09T01:15:00.000Z,0
CVE-2023-41345,https://securityvulnerability.io/vulnerability/CVE-2023-41345,ASUS RT-AX55 - command injection - 1,"The ASUS RT-AX55 router has a vulnerability related to insufficient filtering of special characters in its token-generated module for authentication. This flaw enables an authenticated remote attacker to exploit the device, allowing for command injection attacks which could lead to unauthorized command execution, potential service disruption, or system termination.",Asus,Rt-ax55,8.8,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-11-03T05:15:00.000Z,0
CVE-2023-41346,https://securityvulnerability.io/vulnerability/CVE-2023-41346,ASUS RT-AX55 - command injection - 2,"The ASUS RT-AX55 router has a security flaw in its token-refresh module, where insufficient filtering of special characters can lead to a command injection vulnerability. This allows an authenticated remote attacker to execute arbitrary commands, potentially disrupting system operations or terminating essential services. It highlights the need for robust input validation to safeguard against such attacks.",Asus,Rt-ax55,8.8,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-11-03T05:15:00.000Z,0
CVE-2023-41347,https://securityvulnerability.io/vulnerability/CVE-2023-41347,ASUS RT-AX55 - command injection - 3,"The ASUS RT-AX55 router has a vulnerability related to insufficient filtering of special characters in its authentication token check. This weakness can be exploited by an authenticated remote attacker to perform command injection attacks. By taking advantage of this flaw, attackers can execute arbitrary commands on the device, leading to potential disruptions, service terminations, or unauthorized control over the router's functionalities.",Asus,Rt-ax55,8.8,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-11-03T05:15:00.000Z,0
CVE-2023-41348,https://securityvulnerability.io/vulnerability/CVE-2023-41348,ASUS RT-AX55 - command injection - 4,"The ASUS RT-AX55 contains an authentication-related vulnerability that arises from inadequate filtering of special characters in its code-authentication module. This weakness can be exploited by authenticated remote attackers to execute arbitrary commands on the device, potentially leading to system disruptions, service termination, or unauthorized access to sensitive information.",Asus,Rt-ax55,8.8,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-11-03T05:15:00.000Z,0
CVE-2023-41349,https://securityvulnerability.io/vulnerability/CVE-2023-41349,ASUS RT-AX88U - externally-controlled format string,"The ASUS RT-AX88U router is susceptible to a format string vulnerability within its Advanced OpenVPN functionality. An authenticated remote attacker could exploit the router through the exported OpenVPN configuration, leading to potential information leakage or triggering a reset of the device. This could result in a permanent denial of service, compromising the device's reliability and performance. Users are advised to apply security patches and follow best practices to mitigate this risk.",ASUS,RT-AX88U,8.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2023-09-18T03:15:00.000Z,0
CVE-2023-39780,https://securityvulnerability.io/vulnerability/CVE-2023-39780,Authenticated Command Injection Vulnerability in ASUS RT-AX55 Router,"The ASUS RT-AX55 router has a vulnerability that allows an authenticated attacker to execute arbitrary commands on the device due to improper validation of input. This command injection flaw can enable unauthorized changes to device settings or the execution of potentially harmful operations, posing significant risks to the integrity and security of the network. Mitigation steps should be taken promptly to safeguard against exploit attempts.",Asus,Rt-ax55 Firmware,8.8,HIGH,0.006750000175088644,false,,false,false,false,,,false,false,,2023-09-11T00:00:00.000Z,0
CVE-2023-39239,https://securityvulnerability.io/vulnerability/CVE-2023-39239,ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 2,"A format string vulnerability has been identified within the General function API of the ASUS RT-AX56U V2's apply.cgi module. This flaw arises from insufficient validation of specific input values, allowing a remote attacker with administrator privileges to exploit it. Successful exploitation could lead to arbitrary code execution, unauthorized system operations, or service disruption, posing significant risks to device security and operational integrity.",Asus,"Rt-ax55,Rt-ax56u V2,Rt-ac86u",7.2,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-09-07T08:15:00.000Z,0
CVE-2023-39240,https://securityvulnerability.io/vulnerability/CVE-2023-39240,ASUS RT-AX55、RT-AX56U_V2 - Format String - 3,"A format string vulnerability exists in the iperf client function of ASUS RT-AX56U V2, specifically within the set_iperf3_cli.cgi module. Due to inadequate validation of input values, a remote attacker with administrator privileges can exploit this flaw to execute arbitrary code, perform unrestricted system operations, or cause service disruptions.",Asus,"Rt-ax55,Rt-ax56u V2",7.2,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-09-07T08:15:00.000Z,0
CVE-2023-39238,https://securityvulnerability.io/vulnerability/CVE-2023-39238,"Format String Vulnerability Affects ASUS RT-AX56U V2, Allows Remote Code Execution","A format string vulnerability has been identified in the ASUS RT-AX56U V2 due to insufficient validation within its set_iperf3_svr.cgi module. This flaw could allow an attacker with administrator privileges to execute arbitrary code remotely, perform unauthorized operations, or disrupt service functionalities. Organizations using this device should ensure timely updates and implement security measures to mitigate potential risks.",Asus,"Rt-ax55,Rt-ax56u V2",7.2,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-09-07T08:15:00.000Z,0