Check CVE Id
Check CWE Id
(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
CVSS Base Score
An issue was discovered in ASUSWRT 22.214.171.124.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak.
AsusPTPFilter.sys on Asus Precision TouchPad 126.96.36.199 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.
A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG...
The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associ...
System command injection in appGet.cgi on ASUS RT-AC3200 version 188.8.131.52.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.
Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 184.108.40.206.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter.
Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 220.127.116.11.382.50010 allows attackers to inject system commands via the "hook" URL parameter.
Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 18.104.22.168.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.
Back to Top