CPE Details
ASUS RT-AC68U firmware 3.0.0.4.374_4983
3.0.0.4.374_4983
2014-04-22
17h27 +00:00
17h27 +00:00
2014-04-30
23h36 +00:00
23h36 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:o:asus:rt-ac68u_firmware:3.0.0.4.374_4983:*:*:*:*:*:*:*
Informations
Vendor
asusProduct
rt-ac68u_firmwareVersion
3.0.0.4.374_4983Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations. | 9.1 |
Critical |
||
| SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | 7.5 |
High |
||
| Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. | 9.1 |
Critical |
||
| ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS). | 7.5 |
High |
||
| Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi. | 9.8 |
Critical |
||
| In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. | 7.5 |
High |
||
| Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
Medium |
||
| Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable. | 9.8 |
Critical |
||
| ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | 6.5 |
|||
| Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
|||
| Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi. | 4.3 |
