Asus Firmware vulnerabilities
3 known vulnerabilities affecting asus/asus_firmware.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-15101HIGHCVSS 8.5≤ 3.0.0.6_1022026-03-26
CVE-2025-15101 [HIGH] CWE-78 CVE-2025-15101: A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interfac
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to execute system commands through unintended mechanisms.
R
nvd
CVE-2018-8878MEDIUMCVSS 5.3fixed in 3.0.0.4.382.504702020-02-27
CVE-2018-8878 [MEDIUM] CWE-200 CVE-2018-8878: Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmwar
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page.
nvd
CVE-2018-8877MEDIUMCVSS 5.3fixed in 3.0.0.4.382.504702020-02-27
CVE-2018-8877 [MEDIUM] CWE-200 CVE-2018-8877: Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmwar
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page.
nvd