Skip to main content

Rt Ac86U Firmware

20 CVEs product

Monthly

CVE-2023-39240 HIGH This Week

It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rt Ax55 Firmware Rt Ax56U V2 Firmware Rt Ac86U Firmware
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-39239 HIGH This Week

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rt Ax55 Firmware Rt Ax56U V2 Firmware Rt Ac86U Firmware
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-39238 HIGH This Week

It is identified a format string vulnerability in ASUS RT-AX56U V2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rt Ax55 Firmware Rt Ax56U V2 Firmware Rt Ac86U Firmware
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-39237 HIGH This Week

ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-39236 HIGH This Week

ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38033 HIGH This Week

ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38032 HIGH This Week

ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38031 HIGH This Week

ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-35087 CRITICAL Act Now

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rt Ac86U Firmware Rt Ax56U V2 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-35086 HIGH This Week

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rt Ac86U Firmware Rt Ax56U V2 Firmware
NVD
CVSS 3.1
7.2
EPSS
38.9%
CVE-2023-28703 HIGH This Week

ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Rt Ac86U Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-28702 HIGH This Week

ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-25597 HIGH This Week

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-25596 HIGH This Week

ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Rt Ac86U Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-25595 MEDIUM This Month

ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rt Ac86U Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-3128 HIGH This Week

In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zenwifi Ax Xt8 Firmware Rt Ax3000 Firmware Rt Ax55 Firmware Rt Ax56U Firmware +23
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2018-18320 CRITICAL POC Act Now

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Rt Ac5300 Firmware Rt Ac1900P Firmware Rt Ac68U Firmware +11
NVD GitHub
CVSS 3.0
9.8
EPSS
5.2%
CVE-2018-18319 CRITICAL POC Act Now

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Rt Ac5300 Firmware Rt Ac1900P Firmware +12
NVD GitHub
CVSS 3.0
9.8
EPSS
5.4%
CVE-2018-8826 CRITICAL Act Now

ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rt Ac51U Firmware Rt Ac58U Firmware Rt Ac66U Firmware Rt Ac1750 Firmware +9
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-9285 CRITICAL Act Now

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935;. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Rt Ac66U Firmware Rt Ac68U Firmware Rt Ac86U Firmware Rt Ac88U Firmware +7
NVD
CVSS 3.0
9.8
EPSS
3.6%
EPSS 1% CVSS 7.2
HIGH This Week

It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rt Ax55 Firmware Rt Ax56U V2 Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rt Ax55 Firmware Rt Ax56U V2 Firmware +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

It is identified a format string vulnerability in ASUS RT-AX56U V2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rt Ax55 Firmware Rt Ax56U V2 Firmware +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rt Ac86U Firmware Rt Ax56U V2 Firmware
NVD
EPSS 39% CVSS 7.2
HIGH This Week

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rt Ac86U Firmware Rt Ax56U V2 Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Rt Ac86U Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Rt Ac86U Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rt Ac86U Firmware
NVD
EPSS 2% CVSS 7.5
HIGH This Week

In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zenwifi Ax Xt8 Firmware Rt Ax3000 Firmware +25
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Rt Ac5300 Firmware +13
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +14
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL Act Now

ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rt Ac51U Firmware Rt Ac58U Firmware +11
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935;. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Rt Ac66U Firmware Rt Ac68U Firmware +9
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy