ASUS RT-AX55 vulnerabilities

11 known vulnerabilities affecting asus/rt-ax55.

Total CVEs: 11
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 9, MEDIUM 2

Vulnerabilities

CVE-2024-11985 | MEDIUM | CVSS 4.4 | before 3.0.0.4.386_52332 | 2024-12-04
[MEDIUM] CWE-20: An improper input validation vulnerability leads to device crashes in certain ASUS router models. Refer to the '12/03/2024 ASUS Router Improper Input Validation' section on the ASUS Security Advisory for more information.
Sources: cvelistv5, nvd
CVE-2024-0401 | HIGH | CVSS 7.2 | fixed in 3.0.0.4.386_52303 | 2024-05-20
[HIGH] CWE-78: ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86,
Sources: cvelistv5, nvd
CVE-2023-41347 | HIGH | CVSS 8.8 | v3.0.0.4.386.51598 | 2023-11-03
[HIGH] CWE-78: ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
Sources: cvelistv5, nvd
CVE-2023-41346 | HIGH | CVSS 8.8 | v3.0.0.4.386.51598 | 2023-11-03
[HIGH] CWE-78: ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
Sources: cvelistv5, nvd
CVE-2023-41348 | HIGH | CVSS 8.8 | v3.0.0.4.386.51598 | 2023-11-03
[HIGH] CWE-78: ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.
Sources: cvelistv5, nvd
CVE-2023-41345 | HIGH | CVSS 8.8 | v3.0.0.4.386.51598 | 2023-11-03
[HIGH] CWE-78: ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services.
Sources: cvelistv5, nvd
CVE-2023-39780 | HIGH | CVSS 8.8 | KEV | v3.0.0.4.386.51598 | 2023-09-11
[HIGH] CWE-78: On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347;
Sources: cvelistv5, nvd
CVE-2023-39238 | HIGH | CVSS 7.2 | v3.0.0.4.386_50460 | 2023-09-07
[HIGH] CWE-134: It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
Sources: cvelistv5, nvd
CVE-2023-39240 | HIGH | CVSS 7.2 | v3.0.0.4.386_50460 | 2023-09-07
[HIGH] CWE-134: It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operatio
Sources: cvelistv5, nvd
CVE-2023-39239 | HIGH | CVSS 7.2 | v3.0.0.4.386_50460 | 2023-09-07
[HIGH] CWE-134: It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt s
Sources: cvelistv5, nvd
CVE-2021-37910 | MEDIUM | CVSS 5.3 | ≥ unspecified, < 3.0.0.4.386.45898 | 2021-11-12
[LOW] CWE-799: ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames.
Sources: cvelistv5, nvd