cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12957,https://securityvulnerability.io/vulnerability/CVE-2024-12957,File Handling Command Vulnerability in Armoury Crate by ASUS,"A vulnerability exists in certain versions of the Armoury Crate application developed by ASUS, which allows for arbitrary file deletion due to improper handling of file commands. This flaw could be exploited to manipulate or delete important files without user consent, raising significant security concerns for affected systems. For detailed information and recommended mitigations, please refer to the official ASUS Security Advisory.",Asus,Armoury Crate,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T09:41:12.337Z,0
CVE-2024-55408,https://securityvulnerability.io/vulnerability/CVE-2024-55408,Arbitrary Read and Write Vulnerability in ASUS System Analysis IO Component,"The AsusSAIO.sys component in ASUS System Analysis IO version 1.0.0 is susceptible to arbitrary read and write operations, which can be exploited by attackers. This vulnerability arises from inadequately secured IOCTL requests, allowing malicious actors to craft requests that can manipulate memory and I/O operations, potentially leading to unauthorized data access or system modifications. It underscores the importance of proper input validation and access controls in driver design. For further details, visit [ASUS](http://asus.com) or view the [GitHub reference](https://github.com/heyheysky/vulnerable-driver/blob/master/CVE-2024-55408/CVE-2024-55408_AsusSAIO.sys_README.md).",ASUS,ASUS System Analysis IO,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-06T19:15:00.000Z,0
CVE-2024-13062,https://securityvulnerability.io/vulnerability/CVE-2024-13062,Unintended Entry Point Vulnerability in ASUS Routers,"An unintended entry point has been found in various ASUS router models, potentially enabling arbitrary command execution. This vulnerability can be exploited by an attacker to execute commands on the device, which poses a serious risk to network integrity and security. Users are encouraged to check for firmware updates and apply security patches as advised in the ASUS Security Advisory to mitigate potential risks.",Asus,Router,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T09:09:45.871Z,0
CVE-2024-12912,https://securityvulnerability.io/vulnerability/CVE-2024-12912,Improper Input Insertion Vulnerability in AiCloud for ASUS Routers,"An improper input insertion vulnerability within the AiCloud feature of specific ASUS router models has been identified. This flaw can potentially allow an attacker to execute arbitrary commands on the affected devices, which poses a significant security risk. Users of ASUS routers are encouraged to review the associated security advisory for patches and mitigations to protect their systems from exploitation.",Asus,Router,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-02T09:05:50.239Z,202
CVE-2024-11985,https://securityvulnerability.io/vulnerability/CVE-2024-11985,Crashes Occur in Certain ASUS Router Models Due to Improper Input Validation,"An improper input validation vulnerability exists in select ASUS router models, allowing malicious input to trigger device crashes. This flaw could allow for unauthorized disruption of network services. Users of these devices should review the latest security advisories from ASUS to ensure their router configurations are secure and up-to-date. For further details on the affected models and remediation steps, refer to the official ASUS security advisory.",ASUS,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T02:15:00.000Z,0
CVE-2024-42757,https://securityvulnerability.io/vulnerability/CVE-2024-42757,Asus Routers Hit by Command Injection Vulnerability,"A command injection vulnerability exists in the Asus RT-N15U router firmware version 3.0.0.4.376_3754. This vulnerability allows a remote attacker to exploit the netstat function page to execute arbitrary code on the device. An attacker could potentially leverage this flaw to compromise the router's functionality, leading to unauthorized access to sensitive information or control over the affected device. Users are encouraged to review their router settings and apply any available security updates to mitigate risks associated with this vulnerability.",Asus,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-15T19:15:00.000Z,0
CVE-2024-33278,https://securityvulnerability.io/vulnerability/CVE-2024-33278,Buffer Overflow Vulnerability in ASUS RT-AX88U Router,"A buffer overflow vulnerability has been identified in the ASUS RT-AX88U router when running firmware version v3.0.0.4.388_24198. This issue arises from improper length validation for the cookie field within the connection state machine, enabling remote attackers to potentially execute arbitrary code. Users of the RT-AX88U router are urged to review ASUS's security advisory for mitigation strategies and available firmware updates to safeguard their devices.",ASUS,RT-AX88U Router,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-24T00:00:00.000Z,0
CVE-2024-3912,https://securityvulnerability.io/vulnerability/CVE-2024-3912,ASUS Routers Vulnerable to Arbitrary Firmware Upload Attack,"ASUS routers are susceptible to an arbitrary firmware upload vulnerability that could allow an unauthenticated remote attacker to exploit the device. By leveraging this vulnerability, attackers may execute arbitrary system commands, potentially gaining control over the affected device. Users of ASUS routers are encouraged to apply security updates and follow best practices to mitigate the risk associated with this vulnerability. Ensure the latest firmware is installed to protect against unauthorized access and maintain overall device security.",Asus,"Dsl-n17u,Dsl-n55u C1,Dsl-n55u D1,Dsl-n66u,Dsl-n12u C1,Dsl-n12u D1,Dsl-n14u,Dsl-n14u B1,Dsl-n16,Dsl-ac51,Dsl-ac750,Dsl-ac52u,Dsl-ac55u,Dsl-ac56u,Dsl-n10 C1,Dsl-n10 D1,Dsl-n10p C1,Dsl-n12e C1,Dsl-n16p,Dsl-n16u,Dsl-ac52,Dsl-ac55",9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-14T09:29:00.161Z,0
CVE-2024-31163,https://securityvulnerability.io/vulnerability/CVE-2024-31163,Buffer Overflow Vulnerability in ASUS Download Master Allows Arbitrary System Command Execution,"ASUS Download Master is vulnerable to a buffer overflow attack, which can be exploited by an unauthenticated remote attacker holding administrative privileges. This weakness allows attackers to execute arbitrary system commands on the affected device, posing a significant security threat. Users and administrators of ASUS Download Master should take immediate action to assess their systems and apply necessary mitigations to safeguard against potential exploitation.",Asus,Download Master,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-14T06:52:50.331Z,0
CVE-2024-31162,https://securityvulnerability.io/vulnerability/CVE-2024-31162,ASUS Download Master Vulnerability Allows Arbitrary System Command Execution,"The vulnerability in ASUS Download Master arises from inadequate filtering of user input in a specific function parameter. This flaw allows an unauthenticated remote attacker with administrative privileges to exploit the weakness, leading to the execution of arbitrary system commands on the affected device. As a result, this vulnerability poses significant risks, particularly for users relying on this application for file management and sharing. Users are encouraged to apply security patches and follow best practices to mitigate potential security breaches.",Asus,Download Master,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-14T06:35:07.192Z,0
CVE-2024-31161,https://securityvulnerability.io/vulnerability/CVE-2024-31161,ASUS Download Master Upload Vulnerability Allows Remote Execution of Arbitrary System Commands,"The upload functionality in ASUS Download Master is improperly handling user inputs, which allows remote attackers with administrative privileges to exploit this vulnerability. By taking advantage of inadequate input filtering, attackers can upload arbitrary files to any location within the system. This includes the potential to upload malicious files to the website directory, enabling them to execute arbitrary system commands when users browse the compromised webpage. Such security oversights highlight the importance of robust input validation and secure file handling procedures to mitigate these risks.",Asus,Download Master,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-14T03:53:51.560Z,0
CVE-2024-31160,https://securityvulnerability.io/vulnerability/CVE-2024-31160,ASUS Download Master vulnerable to Stored Cross-site scripting attacks,The parameter used in a certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code into the parameter for Stored Cross-site scripting attacks.,Asus,Download Master,4.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-14T03:41:21.402Z,0
CVE-2024-31159,https://securityvulnerability.io/vulnerability/CVE-2024-31159,ASUS Download Master Vulnerable to Reflected Cross-site Scripting Attacks,The parameter used in a certain page of ASUS Download Master is not properly filtered for user input. A remote attacker with administrative privilege can insert JavaScript code into the parameter for Reflected Cross-site scripting attacks.,Asus,Download Master,4.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-14T03:25:03.735Z,0
CVE-2024-3080,https://securityvulnerability.io/vulnerability/CVE-2024-3080,ASUS Router Authentication Bypass Vulnerability Allows Unauthorized Access,"The ASUS Router Authentication Bypass Vulnerability, tracked as CVE-2024-3080, affects several popular ASUS router models, allowing unauthenticated remote attackers to gain access to the device's configuration. ASUS has issued security updates to address this critical flaw, with a CVSS score of 9.8, urging users to promptly apply the patches. The affected models include ZenWiFi XT8, RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, and RT-AC68U. Failure to update the firmware could lead to remote exploitation and unauthorized access, highlighting the urgency for users to take action and apply the necessary security measures.",Asus,"Zenwifi Xt8,Zenwifi Xt8 V2,Rt-ax88u,Rt-ax58u,Rt-ax57,Rt-ac86u,Rt-ac68u",9.8,CRITICAL,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-06-14T02:57:27.002Z,854
CVE-2024-3079,https://securityvulnerability.io/vulnerability/CVE-2024-3079,Buffer Overflow Vulnerabilities Affect ASUS Routers,"Certain models of ASUS routers exhibit buffer overflow vulnerabilities, which enable remote attackers with administrative access to execute arbitrary commands on the device. This vulnerability can severely compromise the security of the routers and the network they serve, allowing unauthorized access and potential control of connected devices.",Asus,"Zenwifi Xt8,Zenwifi Xt8 V2,Rt-ax88u,Rt-ax58u,Rt-ax57,Rt-ac86u,Rt-ac68u",7.2,HIGH,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-06-14T02:32:21.718Z,0
CVE-2024-0401,https://securityvulnerability.io/vulnerability/CVE-2024-0401,ASUS Routers Vulnerable to Code Execution Flaw,"ASUS routers that support custom OpenVPN profiles are exposed to a serious code execution vulnerability. An authenticated remote attacker can exploit this flaw by uploading a specially crafted OVPN profile, which allows them to execute arbitrary operating system commands. This risk affects various models, including the ASUS ExpertWiFi and several RT series routers. Organizations using these devices should take immediate precautions to mitigate potential exploitation.",Asus,"Expertwifi,Rt-ax55,Rt-ax58u,Rt-ac67u,Rt-ac68r,Rt-ac68u,Rt-ax86 Series,Rt-ac86u,Rt-ax88u,Rt-ax3000",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-20T16:55:18.891Z,0
CVE-2023-33548,https://securityvulnerability.io/vulnerability/CVE-2023-33548,XSS Vulnerability in ASUS RT-AC51U Router,"A Cross Site Scripting (XSS) vulnerability exists in the ASUS RT-AC51U router, enabling attackers to execute arbitrary code through manipulation of the WPA Pre-Shared Key field in the router's firmware. This flaw can compromise the device's integrity and expose sensitive information, necessitating immediate updates to firmware versions beyond 3.0.0.4.380.8591 to mitigate potential risk.",ASUS,RT-AC51U Router,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T00:00:00.000Z,0
CVE-2023-35720,https://securityvulnerability.io/vulnerability/CVE-2023-35720,ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability,"The ASUS RT-AX92U router contains a vulnerability within the mod_webdav.so module that can be exploited by network-adjacent attackers to disclose sensitive information. This vulnerability arises during the processing of requests, where the system fails to properly validate user-supplied input before using it in SQL queries. As a result, malicious actors can exploit this flaw without the need for authentication, allowing for unauthorized access to critical information within the system's context.",Asus,Rt-ax92u,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T01:57:40.156Z,0
CVE-2023-31889,https://securityvulnerability.io/vulnerability/CVE-2023-31889,Denial of Service Vulnerability in ASUS RT-AC51U HTTP Server,"A vulnerability has been identified in the HTTP server component of the ASUS RT-AC51U router. This issue allows local attackers to launch a denial of service attack by sending specially crafted GET requests. When successful, these crafted requests can disrupt the normal operation of the device, leading to significant downtime and potential loss of connectivity. Users are advised to update their firmware to mitigate this vulnerability and ensure the security and stability of their network.",ASUS,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-29T00:00:00.000Z,0
CVE-2024-30804,https://securityvulnerability.io/vulnerability/CVE-2024-30804,Arbitrary Code Execution Vulnerability in ASUS Fan_Xpert Before v.10013,An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests.,ASUS,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-26T22:15:00.000Z,0
CVE-2024-28326,https://securityvulnerability.io/vulnerability/CVE-2024-28326,Root Access Vulnerability in Asus RT-N12+ B1 Routers,Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the UART interface.,Asus,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-26T20:15:00.000Z,0
CVE-2024-28327,https://securityvulnerability.io/vulnerability/CVE-2024-28327,"Asus Router Stores User Passwords in Plaintext, Leaving Users Vulnerable to Attacks","Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings.",Asus,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-26T19:15:00.000Z,0
CVE-2024-28325,https://securityvulnerability.io/vulnerability/CVE-2024-28325,"Asus Router Stores Credentials in Cleartext, Leaving Users Vulnerable to Attacks","Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.",Asus,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-26T19:15:00.000Z,0
CVE-2024-28328,https://securityvulnerability.io/vulnerability/CVE-2024-28328,CSV Injection Vulnerability in Asus RT-N12+ Router Allows Arbitrary Commands Execution,CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format.,Asus,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-26T15:15:00.000Z,0
CVE-2024-1655,https://securityvulnerability.io/vulnerability/CVE-2024-1655,ASUS WiFi Routers Vulnerable to OS Command Injection Attacks,"ASUS WiFi routers are susceptible to an OS Command Injection vulnerability that enables an authenticated remote attacker to execute arbitrary system commands. This is achieved by sending specially crafted requests that exploit this security weakness. The vulnerability poses a significant risk to users as it allows for unauthorized access to the system, potentially leading to further exploitation of the devices.",Asus,"Expertwifi Ebm63,Expertwifi Ebm68,Rt-ax57 Go",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-15T04:01:43.203Z,0