Every CVE whose affected-product data names Asus Asuswrt, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2022-26376 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New…
CVE-2018-20334 — CVSS 9.8 (critical): An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue…
CVE-2018-5999 — CVSS 9.8 (critical): An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST…
CVE-2018-6000 — CVSS 9.8 (critical): An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides…
CVE-2017-15655 — CVSS 9.6 (critical): Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version…
CVE-2017-15653 — CVSS 8.8 (high): Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt…
CVE-2017-15656 — CVSS 8.8 (high): Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
CVE-2017-15654 — CVSS 8.3 (high): Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining…
CVE-2018-20333 — CVSS 7.5 (high): An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is…
CVE-2018-20335 — CVSS 7.5 (high): An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the…