| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings. |
| An uncontrolled resource consumption vulnerability affects certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 series chipsets. Exploitation requires physical access to internal expansion slots to install a specially crafted device and supporting software utility, and may lead to uncontrolled resource consumption that increases the risk of unauthorized direct memory access (DMA).
Refer to the 'Security Update for UEFI firmware' section on the ASUS Security Advisory for more information. |
| An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services.
Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information. |
| A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass.
Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. |
| A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution.
Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. |
| A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation.
For more information, please refer to section 'Security Update for Armoury Crate App' in the ASUS Security Advisory. |
| Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. |
| A file handling command vulnerability in certain versions of Armoury Crate may result in arbitrary file deletion.
Refer to the '01/23/2025 Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. |
| An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests. |
| An insecure sensitive key storage issue was found in MyASUS. potentially allowing unauthorized actor to obtain a token that could be used to communicate with certain services.
Refer to the 'Security Update for for MyASUS' section on the ASUS Security Advisory for more information. |
| A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD).
Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. |
| Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface. |
| An integer underflow vulnerability has been identified in Aicloud. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device.
Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. |
| CSV Injection vulnerability in the Asus RT-N12+ router allows administrator users to inject arbitrary commands or formulas in the client name parameter which can be triggered and executed in a different user session upon exporting to CSV format. |
| An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to a service crash or partial loss of functionality. This vulnerability only affects ASUS motherboard series products. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. |
| A cross-site scripting (XSS) vulnerability in the RT-N10E/ RT-N12E 2.0.0.x firmware . This vulnerability caused by improper input validation and can be triggered via the manipulation of the SSID argument in the sysinfo.asp file, leading to disclosure of sensitive information. Note: All versions of RT-N10E and RT-N12E are unsupported (End-of-Life, EOL). Consumers can mitigate this vulnerability by disabling the remote access features from WAN |
| An issue in the component AsUpIO64.sys of ASUSTeK Computer Inc ASUS USB 3.0 Boost Storage Driver 5.30.20.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. |
| An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization.
Refer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information. |
| A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions.
Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. |
| ASUS Download Master has a buffer overflow vulnerability. An unauthenticated remote attacker with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the device. |
