Search Results | AttackerKB

Show filters

Topics 104 Users 9,714

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

104 Total Results

Displaying 51-60 of 104

Attacker Value

Unknown

CVE-2018-20336

Disclosure Date: September 17, 2019 (last updated November 27, 2024)

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2018-14711

Disclosure Date: May 13, 2019 (last updated November 27, 2024)

Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs.

0

Attacker Value

Unknown

CVE-2018-14713

Disclosure Date: May 13, 2019 (last updated November 27, 2024)

Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter.

0

Attacker Value

Unknown

CVE-2018-14712

Disclosure Date: May 13, 2019 (last updated November 27, 2024)

Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter.

0

Attacker Value

Unknown

CVE-2018-14710

Disclosure Date: May 13, 2019 (last updated November 27, 2024)

Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter.

0

Attacker Value

Unknown

CVE-2018-14714

Disclosure Date: May 13, 2019 (last updated November 27, 2024)

System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.

0

Attacker Value

Unknown

CVE-2018-18287

Disclosure Date: October 14, 2018 (last updated November 27, 2024)

On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discover hostnames and IP addresses by reading dhcpLeaseInfo data in the HTML source code of the Main_Login.asp page.

0

Attacker Value

Unknown

CVE-2018-18291

Disclosure Date: October 14, 2018 (last updated November 27, 2024)

A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp.

0

Attacker Value

Unknown

CVE-2018-8826

Disclosure Date: April 20, 2018 (last updated November 26, 2024)

ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors.

0

Attacker Value

Unknown

CVE-2018-5975

Disclosure Date: February 17, 2018 (last updated November 26, 2024)

SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.

0