Asus Rt-Ac3200 Firmware vulnerabilities

7 known vulnerabilities affecting asus/rt-ac3200_firmware.

Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2021-43702CRITICALCVSS 9.0v3.0.0.4.386.460612022-07-05
CVE-2021-43702 [CRITICAL] CWE-79 CVE-2021-43702: ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin pa ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
nvd
CVE-2018-14714CRITICALCVSS 9.8v3.0.0.4.382.500102019-05-13
CVE-2018-14714 [CRITICAL] CVE-2018-14714: System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.
nvd
CVE-2018-14713HIGHCVSS 8.1v3.0.0.4.382.500102019-05-13
CVE-2018-14713 [HIGH] CWE-134 CVE-2018-14713: Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attacke Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter.
nvd
CVE-2018-14712MEDIUMCVSS 6.5v3.0.0.4.382.500102019-05-13
CVE-2018-14712 [MEDIUM] CWE-119 CVE-2018-14712: Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter.
nvd
CVE-2018-14711MEDIUMCVSS 6.5v3.0.0.4.382.500102019-05-13
CVE-2018-14711 [MEDIUM] CWE-352 CVE-2018-14711: Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50 Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.
nvd
CVE-2018-14710MEDIUMCVSS 6.1v3.0.0.4.382.500102019-05-13
CVE-2018-14710 [MEDIUM] CWE-79 CVE-2018-14710: Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to e Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter.
nvd
CVE-2018-9285CRITICALCVSS 9.8PoCfixed in 3.0.0.4.382.500102018-04-04
CVE-2018-9285 [CRITICAL] CWE-78 CVE-2018-9285: Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, R Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and
nvd