cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3080,https://securityvulnerability.io/vulnerability/CVE-2024-3080,ASUS Router Authentication Bypass Vulnerability Allows Unauthorized Access,"The ASUS Router Authentication Bypass Vulnerability, tracked as CVE-2024-3080, affects several popular ASUS router models, allowing unauthenticated remote attackers to gain access to the device's configuration. ASUS has issued security updates to address this critical flaw, with a CVSS score of 9.8, urging users to promptly apply the patches. The affected models include ZenWiFi XT8, RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, and RT-AC68U. Failure to update the firmware could lead to remote exploitation and unauthorized access, highlighting the urgency for users to take action and apply the necessary security measures.",Asus,"Zenwifi Xt8,Zenwifi Xt8 V2,Rt-ax88u,Rt-ax58u,Rt-ax57,Rt-ac86u,Rt-ac68u",9.8,CRITICAL,0.0004299999854993075,false,true,false,false,,false,false,2024-06-14T02:57:27.002Z,854
CVE-2024-3079,https://securityvulnerability.io/vulnerability/CVE-2024-3079,Buffer Overflow Vulnerabilities Affect ASUS Routers,"Certain models of ASUS routers exhibit buffer overflow vulnerabilities, which enable remote attackers with administrative access to execute arbitrary commands on the device. This vulnerability can severely compromise the security of the routers and the network they serve, allowing unauthorized access and potential control of connected devices.",Asus,"Zenwifi Xt8,Zenwifi Xt8 V2,Rt-ax88u,Rt-ax58u,Rt-ax57,Rt-ac86u,Rt-ac68u",7.2,HIGH,0.0004299999854993075,false,true,false,false,,false,false,2024-06-14T02:32:21.718Z,0
CVE-2024-0401,https://securityvulnerability.io/vulnerability/CVE-2024-0401,ASUS Routers Vulnerable to Code Execution Flaw,"ASUS routers that support custom OpenVPN profiles are exposed to a serious code execution vulnerability. An authenticated remote attacker can exploit this flaw by uploading a specially crafted OVPN profile, which allows them to execute arbitrary operating system commands. This risk affects various models, including the ASUS ExpertWiFi and several RT series routers. Organizations using these devices should take immediate precautions to mitigate potential exploitation.",Asus,"Expertwifi,Rt-ax55,Rt-ax58u,Rt-ac67u,Rt-ac68r,Rt-ac68u,Rt-ax86 Series,Rt-ac86u,Rt-ax88u,Rt-ax3000",7.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-20T16:55:18.891Z,0
CVE-2023-39239,https://securityvulnerability.io/vulnerability/CVE-2023-39239,ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 2,"A format string vulnerability has been identified within the General function API of the ASUS RT-AX56U V2's apply.cgi module. This flaw arises from insufficient validation of specific input values, allowing a remote attacker with administrator privileges to exploit it. Successful exploitation could lead to arbitrary code execution, unauthorized system operations, or service disruption, posing significant risks to device security and operational integrity.",Asus,"Rt-ax55,Rt-ax56u V2,Rt-ac86u",7.2,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2023-09-07T08:15:00.000Z,0
CVE-2023-39237,https://securityvulnerability.io/vulnerability/CVE-2023-39237,ASUS RT-AC86U - Command injection vulnerability - 5,"The ASUS RT-AC86U's Traffic Analyzer feature suffers from insufficient filtering of special characters, which can be leveraged by a remote attacker with limited user privileges to execute arbitrary commands on the device. This could potentially disrupt system operations or terminate critical services, posing a significant security concern for users relying on this router functionality.",Asus,Rt-ac86u,8.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-09-07T07:15:00.000Z,0
CVE-2023-38033,https://securityvulnerability.io/vulnerability/CVE-2023-38033,ASUS RT-AC86U - Command injection vulnerability - 3,"The ASUS RT-AC86U router contains a vulnerability within its Traffic Analyzer legacy Statistics function, which fails to adequately filter special characters. This weakness can be exploited by a remote attacker with standard user privileges to execute arbitrary commands on the system. Such exploitation may result in system disruption or termination of important services, highlighting a critical area of concern for device security and user integrity.",Asus,Rt-ac86u,8.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-09-07T07:15:00.000Z,0
CVE-2023-38032,https://securityvulnerability.io/vulnerability/CVE-2023-38032,ASUS RT-AC86U - Command injection vulnerability - 2,"The ASUS RT-AC86U router is affected by a command injection vulnerability tied to its AiProtection features. This weakness arises from inadequate filtering of special characters, allowing remote attackers with standard user privileges to manipulate input strings. By exploiting this flaw, malicious users can execute arbitrary commands, potentially leading to system disruptions or the termination of critical services on the router.",Asus,Rt-ac86u,8.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-09-07T07:15:00.000Z,0
CVE-2023-39236,https://securityvulnerability.io/vulnerability/CVE-2023-39236,ASUS RT-AC86U - Command injection vulnerability - 4,"The ASUS RT-AC86U Traffic Analyzer is susceptible to a command injection vulnerability due to insufficient filtering of special characters. A remote attacker, possessing regular user privileges, may exploit this security flaw to inject malicious commands, leading to unauthorized execution of arbitrary commands. This can result in a system disruption or termination of essential services, jeopardizing the integrity and availability of network operations. It is crucial for users to apply recommended security measures to mitigate potential exploitation.",Asus,Rt-ac86u,8.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-09-07T07:15:00.000Z,0
CVE-2023-38031,https://securityvulnerability.io/vulnerability/CVE-2023-38031,ASUS RT-AC86U - Command injection vulnerability - 1,"The ASUS RT-AC86U router's Adaptive QoS Web History function is vulnerable due to insufficient filtering of special characters. This oversight allows a remote attacker with standard user privileges to exploit the vulnerability. Through command injection tactics, the attacker can execute arbitrary commands, which may lead to disruption of system functionality or termination of critical services, posing a significant threat to network integrity.",Asus,Rt-ac86u,8.8,HIGH,0.0009800000116229057,false,false,false,false,,false,false,2023-09-07T04:15:00.000Z,0
CVE-2023-35087,https://securityvulnerability.io/vulnerability/CVE-2023-35087,ASUS RT-AX56U V2 & RT-AC86U - Format String - 2,"A format string vulnerability has been identified in ASUS RT-AX56U V2 and RT-AC86U routers. This weakness arises from insufficient validation of a specific value when executing the cm_processChangedConfigMsg within the ccm_processREQ_CHANGED_CONFIG function in the AiMesh system. An unauthenticated remote attacker could exploit this vulnerability to perform arbitrary code execution, carry out arbitrary operations on the system, or potentially disrupt the service, making it crucial for users to mitigate the associated risks.",Asus,"Rt-ax56u V2,Rt-ac86u",9.8,CRITICAL,0.0006399999838322401,false,false,false,false,,false,false,2023-07-21T08:15:00.000Z,0
CVE-2023-35086,https://securityvulnerability.io/vulnerability/CVE-2023-35086,ASUS RT-AX56U V2 & RT-AC86U - Format String -1,"A format string vulnerability has been identified in ASUS RT-AX56U V2 and RT-AC86U routers, specifically within the logmessage_normal function of the do_detwan_cgi module in the HTTP daemon. This flaw allows a remote attacker with administrator privileges to exploit the system, potentially leading to arbitrary code execution and unauthorized system operations or service disruptions. The affected firmware versions include 3.0.0.4.386_50460 for RT-AX56U V2 and 3.0.0.4_386_51529 for RT-AC86U.",Asus,"Rt-ax56u V2,Rt-ac86u",7.2,HIGH,0.0006399999838322401,false,false,false,true,true,false,false,2023-07-21T07:15:00.000Z,0
CVE-2023-28702,https://securityvulnerability.io/vulnerability/CVE-2023-28702,ASUS RT-AC86U - Command Injection,"The ASUS RT-AC86U router is susceptible to a command injection vulnerability due to insufficient filtering of special characters in specific web URLs. An attacker with normal user privileges can exploit this flaw to execute arbitrary system commands. This exploitation can lead to severe disruption of system functionality or termination of services, posing significant risks to network integrity and availability.",ASUS,RT-AC86U,8.8,HIGH,0.0005099999834783375,false,false,false,false,,false,false,2023-06-02T00:00:00.000Z,0
CVE-2023-28703,https://securityvulnerability.io/vulnerability/CVE-2023-28703,ASUS RT-AC86U - Buffer Overflow,"The ASUS RT-AC86U router has a stack-based buffer overflow vulnerability stemming from inadequate validation of network packet header lengths. This flaw can be exploited by a remote attacker with administrative access, potentially enabling the execution of arbitrary system commands, causing service disruption, or even terminating essential router services. Users of the RT-AC86U should take immediate action to secure their devices and mitigate potential attacks.",Asus,Rt-ac86u,7.2,HIGH,0.0010900000343099236,false,false,false,false,,false,false,2023-06-02T00:00:00.000Z,0
CVE-2022-25596,https://securityvulnerability.io/vulnerability/CVE-2022-25596,ASUS RT-AC86U - Heap-based buffer overflow,"ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.",Asus,Rt-ac86u,8.8,HIGH,0.0010100000072270632,false,false,false,false,,false,false,2022-04-07T19:15:00.000Z,0
CVE-2022-25597,https://securityvulnerability.io/vulnerability/CVE-2022-25597,ASUS RT-AC86U - Command Injection,"ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.",Asus,Rt-ac86u,8.8,HIGH,0.0007800000021234155,false,false,false,false,,false,false,2022-04-07T19:15:00.000Z,0
CVE-2022-25595,https://securityvulnerability.io/vulnerability/CVE-2022-25595,ASUS RT-AC86U - Improper Input Validation,"ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.",Asus,Rt-ac86u,6.5,MEDIUM,0.0005799999926239252,false,false,false,false,,false,false,2022-04-07T19:15:00.000Z,0