ASUS RT-AX88U Firmware 3.0.0.4.388.20518

CPE Details

ASUS RT-AX88U Firmware 3.0.0.4.388.20518
3.0.0.4.388.20518
2023-08-04
12h53 +00:00
2023-08-15
11h39 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:o:asus:rt-ax88u_firmware:3.0.0.4.388.20518:*:*:*:*:*:*:*

Informations

Vendor

asus

Product

rt-ax88u_firmware

Version

3.0.0.4.388.20518

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-41349 2023-09-18 02h36 +00:00 ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.
8.8
Haute
CVE-2023-34360 2023-07-31 05h32 +00:00 A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior.  After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.
8.2
Haute
CVE-2023-34359 2023-07-31 04h31 +00:00 ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "do_json_decode()" function of ej.c, resulting in a DoS condition.
7.5
Haute
CVE-2023-34358 2023-07-31 04h09 +00:00 ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition.
7.5
Haute
CVE-2021-41437 2022-09-26 11h18 +00:00 An HTTP response splitting attack in web application in ASUS RT-AX88U before v3.0.0.4.388.20558 allows an attacker to craft a specific URL that if an authenticated victim visits it, the URL will give access to the cloud storage of the attacker.
6.5
Moyen
CVE-2021-3128 2021-04-12 15h41 +00:00 In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.
7.5
Haute