cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0401,https://securityvulnerability.io/vulnerability/CVE-2024-0401,ASUS Routers Vulnerable to Code Execution Flaw,"ASUS routers that support custom OpenVPN profiles are exposed to a serious code execution vulnerability. An authenticated remote attacker can exploit this flaw by uploading a specially crafted OVPN profile, which allows them to execute arbitrary operating system commands. This risk affects various models, including the ASUS ExpertWiFi and several RT series routers. Organizations using these devices should take immediate precautions to mitigate potential exploitation.",Asus,"Expertwifi,Rt-ax55,Rt-ax58u,Rt-ac67u,Rt-ac68r,Rt-ac68u,Rt-ax86 Series,Rt-ac86u,Rt-ax88u,Rt-ax3000",7.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-20T16:55:18.891Z,0
CVE-2023-41345,https://securityvulnerability.io/vulnerability/CVE-2023-41345,ASUS RT-AX55 - command injection - 1,"The ASUS RT-AX55 router has a vulnerability related to insufficient filtering of special characters in its token-generated module for authentication. This flaw enables an authenticated remote attacker to exploit the device, allowing for command injection attacks which could lead to unauthorized command execution, potential service disruption, or system termination.",Asus,Rt-ax55,8.8,HIGH,0.0008999999845400453,false,false,false,false,,false,false,2023-11-03T05:15:00.000Z,0
CVE-2023-41346,https://securityvulnerability.io/vulnerability/CVE-2023-41346,ASUS RT-AX55 - command injection - 2,"The ASUS RT-AX55 router has a security flaw in its token-refresh module, where insufficient filtering of special characters can lead to a command injection vulnerability. This allows an authenticated remote attacker to execute arbitrary commands, potentially disrupting system operations or terminating essential services. It highlights the need for robust input validation to safeguard against such attacks.",Asus,Rt-ax55,8.8,HIGH,0.0008999999845400453,false,false,false,false,,false,false,2023-11-03T05:15:00.000Z,0
CVE-2023-41347,https://securityvulnerability.io/vulnerability/CVE-2023-41347,ASUS RT-AX55 - command injection - 3,"The ASUS RT-AX55 router has a vulnerability related to insufficient filtering of special characters in its authentication token check. This weakness can be exploited by an authenticated remote attacker to perform command injection attacks. By taking advantage of this flaw, attackers can execute arbitrary commands on the device, leading to potential disruptions, service terminations, or unauthorized control over the router's functionalities.",Asus,Rt-ax55,8.8,HIGH,0.0008999999845400453,false,false,false,false,,false,false,2023-11-03T05:15:00.000Z,0
CVE-2023-41348,https://securityvulnerability.io/vulnerability/CVE-2023-41348,ASUS RT-AX55 - command injection - 4,"The ASUS RT-AX55 contains an authentication-related vulnerability that arises from inadequate filtering of special characters in its code-authentication module. This weakness can be exploited by authenticated remote attackers to execute arbitrary commands on the device, potentially leading to system disruptions, service termination, or unauthorized access to sensitive information.",Asus,Rt-ax55,8.8,HIGH,0.0008999999845400453,false,false,false,false,,false,false,2023-11-03T05:15:00.000Z,0
CVE-2023-39780,https://securityvulnerability.io/vulnerability/CVE-2023-39780,Authenticated Command Injection Vulnerability in ASUS RT-AX55 Router,"The ASUS RT-AX55 router has a vulnerability that allows an authenticated attacker to execute arbitrary commands on the device due to improper validation of input. This command injection flaw can enable unauthorized changes to device settings or the execution of potentially harmful operations, posing significant risks to the integrity and security of the network. Mitigation steps should be taken promptly to safeguard against exploit attempts.",Asus,Rt-ax55 Firmware,8.8,HIGH,0.006750000175088644,false,false,false,false,,false,false,2023-09-11T00:00:00.000Z,0
CVE-2023-39239,https://securityvulnerability.io/vulnerability/CVE-2023-39239,ASUS RT-AX55、RT-AX56U_V2、RT-AC86U - Format String - 2,"A format string vulnerability has been identified within the General function API of the ASUS RT-AX56U V2's apply.cgi module. This flaw arises from insufficient validation of specific input values, allowing a remote attacker with administrator privileges to exploit it. Successful exploitation could lead to arbitrary code execution, unauthorized system operations, or service disruption, posing significant risks to device security and operational integrity.",Asus,"Rt-ax55,Rt-ax56u V2,Rt-ac86u",7.2,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2023-09-07T08:15:00.000Z,0
CVE-2023-39238,https://securityvulnerability.io/vulnerability/CVE-2023-39238,"Format String Vulnerability Affects ASUS RT-AX56U V2, Allows Remote Code Execution","A format string vulnerability has been identified in the ASUS RT-AX56U V2 due to insufficient validation within its set_iperf3_svr.cgi module. This flaw could allow an attacker with administrator privileges to execute arbitrary code remotely, perform unauthorized operations, or disrupt service functionalities. Organizations using this device should ensure timely updates and implement security measures to mitigate potential risks.",Asus,"Rt-ax55,Rt-ax56u V2",7.2,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2023-09-07T08:15:00.000Z,0
CVE-2023-39240,https://securityvulnerability.io/vulnerability/CVE-2023-39240,ASUS RT-AX55、RT-AX56U_V2 - Format String - 3,"A format string vulnerability exists in the iperf client function of ASUS RT-AX56U V2, specifically within the set_iperf3_cli.cgi module. Due to inadequate validation of input values, a remote attacker with administrator privileges can exploit this flaw to execute arbitrary code, perform unrestricted system operations, or cause service disruptions.",Asus,"Rt-ax55,Rt-ax56u V2",7.2,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2023-09-07T08:15:00.000Z,0
CVE-2021-37910,https://securityvulnerability.io/vulnerability/CVE-2021-37910,"ASUS GT-AXE11000, RT-AX3000, RT-AX55, RT-AX58U, TUF-AX3000 - Improper Authentication","ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.",Asus,"Gt-axe11000,Rt-ax3000,Rt-ax55,Rt-ax58u,Tuf-ax3000",3.7,LOW,0.000699999975040555,false,false,false,true,true,false,false,2021-11-12T00:00:00.000Z,0