Asus Rt-ax88u Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Asus Rt-ax88u Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2022-26674 — CVSS 9.8 (critical): ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and…
CVE-2021-41435 — CVSS 9.8 (critical): A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U…
CVE-2021-43702 — CVSS 9.0 (critical): ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs…
CVE-2023-41349 — CVSS 8.8 (high): ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An…
CVE-2023-34360 — CVSS 8.2 (high): A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware…
CVE-2021-3128 — CVSS 7.5 (high): In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6…
CVE-2021-41436 — CVSS 7.5 (high): An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U…
CVE-2023-34358 — CVSS 7.5 (high): ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device…
CVE-2023-34359 — CVSS 7.5 (high): ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device…
CVE-2021-41437 — CVSS 6.5 (medium): An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL…
CVE-2022-26673 — CVSS 5.4 (medium): ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege…