cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3080,https://securityvulnerability.io/vulnerability/CVE-2024-3080,ASUS Router Authentication Bypass Vulnerability Allows Unauthorized Access,"The ASUS Router Authentication Bypass Vulnerability, tracked as CVE-2024-3080, affects several popular ASUS router models, allowing unauthenticated remote attackers to gain access to the device's configuration. ASUS has issued security updates to address this critical flaw, with a CVSS score of 9.8, urging users to promptly apply the patches. The affected models include ZenWiFi XT8, RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, and RT-AC68U. Failure to update the firmware could lead to remote exploitation and unauthorized access, highlighting the urgency for users to take action and apply the necessary security measures.",Asus,"Zenwifi Xt8,Zenwifi Xt8 V2,Rt-ax88u,Rt-ax58u,Rt-ax57,Rt-ac86u,Rt-ac68u",9.8,CRITICAL,0.0004299999854993075,false,true,false,false,,false,false,2024-06-14T02:57:27.002Z,854
CVE-2024-3079,https://securityvulnerability.io/vulnerability/CVE-2024-3079,Buffer Overflow Vulnerabilities Affect ASUS Routers,"Certain models of ASUS routers exhibit buffer overflow vulnerabilities, which enable remote attackers with administrative access to execute arbitrary commands on the device. This vulnerability can severely compromise the security of the routers and the network they serve, allowing unauthorized access and potential control of connected devices.",Asus,"Zenwifi Xt8,Zenwifi Xt8 V2,Rt-ax88u,Rt-ax58u,Rt-ax57,Rt-ac86u,Rt-ac68u",7.2,HIGH,0.0004299999854993075,false,true,false,false,,false,false,2024-06-14T02:32:21.718Z,0
CVE-2024-0401,https://securityvulnerability.io/vulnerability/CVE-2024-0401,ASUS Routers Vulnerable to Code Execution Flaw,"ASUS routers that support custom OpenVPN profiles are exposed to a serious code execution vulnerability. An authenticated remote attacker can exploit this flaw by uploading a specially crafted OVPN profile, which allows them to execute arbitrary operating system commands. This risk affects various models, including the ASUS ExpertWiFi and several RT series routers. Organizations using these devices should take immediate precautions to mitigate potential exploitation.",Asus,"Expertwifi,Rt-ax55,Rt-ax58u,Rt-ac67u,Rt-ac68r,Rt-ac68u,Rt-ax86 Series,Rt-ac86u,Rt-ax88u,Rt-ax3000",7.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-20T16:55:18.891Z,0
CVE-2023-41349,https://securityvulnerability.io/vulnerability/CVE-2023-41349,ASUS RT-AX88U - externally-controlled format string,"The ASUS RT-AX88U router is susceptible to a format string vulnerability within its Advanced OpenVPN functionality. An authenticated remote attacker could exploit the router through the exported OpenVPN configuration, leading to potential information leakage or triggering a reset of the device. This could result in a permanent denial of service, compromising the device's reliability and performance. Users are advised to apply security patches and follow best practices to mitigate this risk.",ASUS,RT-AX88U,8.8,HIGH,0.00046999999904073775,false,false,false,false,,false,false,2023-09-18T03:15:00.000Z,0
CVE-2023-34360,https://securityvulnerability.io/vulnerability/CVE-2023-34360,ASUS RT-AX88U - Stored XSS,A security flaw has been identified in the Custom User Icons feature of the ASUS RT-AX88U router. This vulnerability allows a remote attacker with regular user access to execute a stored cross-site scripting (XSS) attack by uploading an image containing malicious JavaScript code. This could lead to unauthorized actions on behalf of the user and compromise sensitive information. Users are advised to upgrade to the latest firmware version to mitigate this risk.,Asus,Rt-ax88u,8.2,HIGH,0.0005600000149570405,false,false,false,false,,false,false,2023-07-31T06:15:00.000Z,0
CVE-2023-34359,https://securityvulnerability.io/vulnerability/CVE-2023-34359,ASUS RT-AX88U - Out-of-bounds Read - 2,"The HTTP service of the ASUS RT-AX88U router is vulnerable to an unauthenticated Denial of Service (DoS) attack. A remote attacker can exploit this vulnerability by sending a specially crafted request that triggers a failure in the httpd binary, particularly in the 'do_json_decode()' function. This can result in a complete shutdown of the HTTP service, effectively rendering the device unresponsive to further requests, which poses significant risks to network availability.",Asus,Rt-ax88u,7.5,HIGH,0.00046999999904073775,false,false,false,false,,false,false,2023-07-31T05:15:00.000Z,0
CVE-2023-34358,https://securityvulnerability.io/vulnerability/CVE-2023-34358,ASUS RT-AX88U - Out-of-bounds Read - 1,"The ASUS RT-AX88U router is vulnerable to an unauthenticated Denial-of-Service condition due to a flaw in the httpd service. An attacker can exploit this by sending a specially crafted HTTP request containing a specific user agent string. This leads to a crash of the httpd binary, disrupting the router's functionality and potentially leading to service outages.",Asus,Rt-ax88u,7.5,HIGH,0.00046999999904073775,false,false,false,false,,false,false,2023-07-31T05:15:00.000Z,0
CVE-2021-41437,https://securityvulnerability.io/vulnerability/CVE-2021-41437,,"An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.",Asus,Rt-ax88u Firmware,6.5,MEDIUM,0.0017399999778717756,false,false,false,false,,false,false,2022-09-26T13:18:38.000Z,0
CVE-2022-26674,https://securityvulnerability.io/vulnerability/CVE-2022-26674,ASUS RT-AX88U - Format String,"ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.",Asus,Rt-ax88u,9.8,CRITICAL,0.00046999999904073775,false,false,false,false,,false,false,2022-04-22T00:00:00.000Z,0
CVE-2022-26673,https://securityvulnerability.io/vulnerability/CVE-2022-26673,ASUS RT-AX88U - Stored XSS,ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks.,Asus,Rt-ax88u,5.4,MEDIUM,0.0005099999834783375,false,false,false,false,,false,false,2022-04-22T00:00:00.000Z,0