Asus Hg100 Firmware vulnerabilities

CVE-2019-11060 [HIGH] CWE-400 CVE-2019-11060: The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowlor The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. CVSS 3.0 Base score 7.4 (Availability impacts). CVSS ve

CVE-2019-11061 [CRITICAL] CWE-306 CVE-2019-11061: A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0

CVE-2018-11491 [CRITICAL] CWE-287 CVE-2018-11491: ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote comm ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.