CVEDB API

Vulnerabilities

Vulnerable Software

Asus: >> Asuswrt >> 3.0.0.4.380.7743 Security Vulnerabilities

CVE-2022-26376

A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.

CVSS Score

5.3

EPSS Score

0.003

Published

2022-08-05

CVE-2017-15654

Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.

CVSS Score

8.3

EPSS Score

0.01

Published

2018-01-31

CVE-2017-15656

Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.

CVSS Score

8.8

EPSS Score

0.005

Published

2018-01-31

CVE-2018-5999

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.

CVSS Score

9.8

EPSS Score

0.909

Published

2018-01-22

CVE-2018-6000

An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.

CVSS Score

9.8

EPSS Score

0.908

Published

2018-01-22

Page 1

Vulnerabilities

Vulnerable Software

Asus: >> Asuswrt >> 3.0.0.4.380.7743 Security Vulnerabilities

Products

Pricing

Contact Us