Search
Find a vulnerability
Search criteria
17 vulnerabilities by ASUS Japan Inc.
CVE-2018-0647 (GCVE-0-2018-0647)
Vulnerability from nvd – Published: 2018-09-07 14:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.asus.com/us/Networking/WL330NUL/HelpD… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN71329812/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS Japan Inc. | WL-330NUL |
Affected:
Firmware version prior to 3.0.0.46
|
Date Public
2018-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/"
},
{
"name": "JVN#71329812",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN71329812/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WL-330NUL",
"vendor": "ASUS Japan Inc.",
"versions": [
{
"status": "affected",
"version": "Firmware version prior to 3.0.0.46"
}
]
}
],
"datePublic": "2018-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/"
},
{
"name": "JVN#71329812",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN71329812/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WL-330NUL",
"version": {
"version_data": [
{
"version_value": "Firmware version prior to 3.0.0.46"
}
]
}
}
]
},
"vendor_name": "ASUS Japan Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/"
},
{
"name": "JVN#71329812",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN71329812/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0647",
"datePublished": "2018-09-07T14:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:48.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0583 (GCVE-0-2018-0583)
Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.asus.com/Networking/RTAC1200HP/HelpDe… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN34562916/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS Japan Inc. | RT-AC1200HP |
Affected:
Firmware version prior to 3.0.0.4.380.4180
|
Date Public
2018-05-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/"
},
{
"name": "JVN#34562916",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN34562916/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RT-AC1200HP",
"vendor": "ASUS Japan Inc.",
"versions": [
{
"status": "affected",
"version": "Firmware version prior to 3.0.0.4.380.4180"
}
]
}
],
"datePublic": "2018-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/"
},
{
"name": "JVN#34562916",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN34562916/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RT-AC1200HP",
"version": {
"version_data": [
{
"version_value": "Firmware version prior to 3.0.0.4.380.4180"
}
]
}
}
]
},
"vendor_name": "ASUS Japan Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/"
},
{
"name": "JVN#34562916",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN34562916/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0583",
"datePublished": "2018-05-14T13:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0582 (GCVE-0-2018-0582)
Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN73742314/index.html | third-party-advisoryx_refsource_JVN |
| https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS Japan Inc. | RT-AC68U |
Affected:
Firmware version prior to 3.0.0.4.380.1031
|
Date Public
2018-05-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#73742314",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73742314/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RT-AC68U",
"vendor": "ASUS Japan Inc.",
"versions": [
{
"status": "affected",
"version": "Firmware version prior to 3.0.0.4.380.1031"
}
]
}
],
"datePublic": "2018-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#73742314",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73742314/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RT-AC68U",
"version": {
"version_data": [
{
"version_value": "Firmware version prior to 3.0.0.4.380.1031"
}
]
}
}
]
},
"vendor_name": "ASUS Japan Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#73742314",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73742314/index.html"
},
{
"name": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0582",
"datePublished": "2018-05-14T13:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0581 (GCVE-0-2018-0581)
Vulnerability from nvd – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN33901663/index.html | third-party-advisoryx_refsource_JVN |
| https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS Japan Inc. | RT-AC87U |
Affected:
Firmware version prior to 3.0.0.4.378.9383
|
Date Public
2018-05-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#33901663",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN33901663/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RT-AC87U",
"vendor": "ASUS Japan Inc.",
"versions": [
{
"status": "affected",
"version": "Firmware version prior to 3.0.0.4.378.9383"
}
]
}
],
"datePublic": "2018-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#33901663",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN33901663/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RT-AC87U",
"version": {
"version_data": [
{
"version_value": "Firmware version prior to 3.0.0.4.378.9383"
}
]
}
}
]
},
"vendor_name": "ASUS Japan Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#33901663",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN33901663/index.html"
},
{
"name": "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0581",
"datePublished": "2018-05-14T13:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0647 (GCVE-0-2018-0647)
Vulnerability from cvelistv5 – Published: 2018-09-07 14:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.asus.com/us/Networking/WL330NUL/HelpD… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN71329812/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS Japan Inc. | WL-330NUL |
Affected:
Firmware version prior to 3.0.0.46
|
Date Public
2018-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/"
},
{
"name": "JVN#71329812",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN71329812/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WL-330NUL",
"vendor": "ASUS Japan Inc.",
"versions": [
{
"status": "affected",
"version": "Firmware version prior to 3.0.0.46"
}
]
}
],
"datePublic": "2018-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/"
},
{
"name": "JVN#71329812",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN71329812/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WL-330NUL",
"version": {
"version_data": [
{
"version_value": "Firmware version prior to 3.0.0.46"
}
]
}
}
]
},
"vendor_name": "ASUS Japan Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/us/Networking/WL330NUL/HelpDesk_BIOS/"
},
{
"name": "JVN#71329812",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN71329812/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0647",
"datePublished": "2018-09-07T14:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:48.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0581 (GCVE-0-2018-0581)
Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN33901663/index.html | third-party-advisoryx_refsource_JVN |
| https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS Japan Inc. | RT-AC87U |
Affected:
Firmware version prior to 3.0.0.4.378.9383
|
Date Public
2018-05-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#33901663",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN33901663/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RT-AC87U",
"vendor": "ASUS Japan Inc.",
"versions": [
{
"status": "affected",
"version": "Firmware version prior to 3.0.0.4.378.9383"
}
]
}
],
"datePublic": "2018-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#33901663",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN33901663/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RT-AC87U",
"version": {
"version_data": [
{
"version_value": "Firmware version prior to 3.0.0.4.378.9383"
}
]
}
}
]
},
"vendor_name": "ASUS Japan Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#33901663",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN33901663/index.html"
},
{
"name": "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0581",
"datePublished": "2018-05-14T13:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0582 (GCVE-0-2018-0582)
Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN73742314/index.html | third-party-advisoryx_refsource_JVN |
| https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS Japan Inc. | RT-AC68U |
Affected:
Firmware version prior to 3.0.0.4.380.1031
|
Date Public
2018-05-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#73742314",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73742314/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RT-AC68U",
"vendor": "ASUS Japan Inc.",
"versions": [
{
"status": "affected",
"version": "Firmware version prior to 3.0.0.4.380.1031"
}
]
}
],
"datePublic": "2018-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#73742314",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73742314/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RT-AC68U",
"version": {
"version_data": [
{
"version_value": "Firmware version prior to 3.0.0.4.380.1031"
}
]
}
}
]
},
"vendor_name": "ASUS Japan Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#73742314",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73742314/index.html"
},
{
"name": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0582",
"datePublished": "2018-05-14T13:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0583 (GCVE-0-2018-0583)
Vulnerability from cvelistv5 – Published: 2018-05-14 13:00 – Updated: 2024-08-05 03:28
VLAI
Summary
Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.asus.com/Networking/RTAC1200HP/HelpDe… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN34562916/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS Japan Inc. | RT-AC1200HP |
Affected:
Firmware version prior to 3.0.0.4.380.4180
|
Date Public
2018-05-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/"
},
{
"name": "JVN#34562916",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN34562916/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RT-AC1200HP",
"vendor": "ASUS Japan Inc.",
"versions": [
{
"status": "affected",
"version": "Firmware version prior to 3.0.0.4.380.4180"
}
]
}
],
"datePublic": "2018-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/"
},
{
"name": "JVN#34562916",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN34562916/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RT-AC1200HP",
"version": {
"version_data": [
{
"version_value": "Firmware version prior to 3.0.0.4.380.4180"
}
]
}
}
]
},
"vendor_name": "ASUS Japan Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/",
"refsource": "MISC",
"url": "https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/"
},
{
"name": "JVN#34562916",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN34562916/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0583",
"datePublished": "2018-05-14T13:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:28:11.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2018-000082
Vulnerability from jvndb - Published: 2018-07-20 15:41 - Updated:2019-07-25 14:38
Severity
Summary
WL-330NUL vulnerable to cross-site request forgery
Details
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a cross-site request forgery vulnerability (CWE-352).
Masashi Sakai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000082.html",
"dc:date": "2019-07-25T14:38+09:00",
"dcterms:issued": "2018-07-20T15:41+09:00",
"dcterms:modified": "2019-07-25T14:38+09:00",
"description": "WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a cross-site request forgery vulnerability (CWE-352).\r\n\r\nMasashi Sakai reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000082.html",
"sec:cpe": {
"#text": "cpe:/a:misc:asus_japan_wl-330nul",
"@product": "WL-330NUL",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000082",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN71329812/index.html",
"@id": "JVN#71329812",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0647",
"@id": "CVE-2018-0647",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0647",
"@id": "CVE-2018-0647",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "WL-330NUL vulnerable to cross-site request forgery"
}
JVNDB-2018-000043
Vulnerability from jvndb - Published: 2018-05-09 15:37 - Updated:2018-08-30 12:15
Severity
Summary
RT-AC1200HP vulnerable to cross-site scripting
Details
RT-AC1200HP provided by ASUS Japan Inc. is a wireless LAN router. RT-AC1200HP contains a cross-site scripting vulnerability (CWE-79).
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000043.html",
"dc:date": "2018-08-30T12:15+09:00",
"dcterms:issued": "2018-05-09T15:37+09:00",
"dcterms:modified": "2018-08-30T12:15+09:00",
"description": "RT-AC1200HP provided by ASUS Japan Inc. is a wireless LAN router. RT-AC1200HP contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nSatoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000043.html",
"sec:cpe": {
"#text": "cpe:/h:misc:asus_japan_rt-ac1200hp",
"@product": "RT-AC1200HP",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000043",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN34562916/index.html",
"@id": "JVN#34562916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0583",
"@id": "CVE-2018-0583",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0583",
"@id": "CVE-2018-0583",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "RT-AC1200HP vulnerable to cross-site scripting"
}
JVNDB-2018-000042
Vulnerability from jvndb - Published: 2018-05-09 15:37 - Updated:2018-08-30 12:32
Severity
Summary
RT-AC87U vulnerable to cross-site scripting
Details
RT-AC87U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC87U contains a cross-site scripting vulnerability (CWE-79).
Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000042.html",
"dc:date": "2018-08-30T12:32+09:00",
"dcterms:issued": "2018-05-09T15:37+09:00",
"dcterms:modified": "2018-08-30T12:32+09:00",
"description": "RT-AC87U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC87U contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nKeigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000042.html",
"sec:cpe": {
"#text": "cpe:/h:misc:asus_japan_rt-ac87u",
"@product": "RT-AC87U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000042",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN33901663/index.html",
"@id": "JVN#33901663",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0581",
"@id": "CVE-2018-0581",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0581",
"@id": "CVE-2018-0581",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "RT-AC87U vulnerable to cross-site scripting"
}
JVNDB-2015-000195
Vulnerability from jvndb - Published: 2015-12-09 14:51 - Updated:2016-01-13 17:37
Severity
Summary
WL-330NUL vulnerable to cross-site scripting
Details
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a stored cross-site scripting vulnerability.
TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000195.html",
"dc:date": "2016-01-13T17:37+09:00",
"dcterms:issued": "2015-12-09T14:51+09:00",
"dcterms:modified": "2016-01-13T17:37+09:00",
"description": "WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a stored cross-site scripting vulnerability.\r\n\r\nTAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000195.html",
"sec:cpe": {
"#text": "cpe:/a:misc:asus_japan_wl-330nul",
"@product": "WL-330NUL",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2015-000195",
"sec:references": [
{
"#text": "https://jvn.jp/jp/JVN89965717/index.html",
"@id": "JVN#89965717",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7790",
"@id": "CVE-2015-7790",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7790",
"@id": "CVE-2015-7790",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "WL-330NUL vulnerable to cross-site scripting"
}
JVNDB-2015-000194
Vulnerability from jvndb - Published: 2015-12-09 14:47 - Updated:2016-01-13 17:37
Severity
Summary
WL-330NUL vulnerable to denial-of-service (DoS)
Details
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a denial-of-service (DoS) vulnerability.
TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000194.html",
"dc:date": "2016-01-13T17:37+09:00",
"dcterms:issued": "2015-12-09T14:47+09:00",
"dcterms:modified": "2016-01-13T17:37+09:00",
"description": "WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a denial-of-service (DoS) vulnerability.\r\n\r\nTAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000194.html",
"sec:cpe": {
"#text": "cpe:/a:misc:asus_japan_wl-330nul",
"@product": "WL-330NUL",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2015-000194",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN85359294/index.html",
"@id": "JVN#85359294",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7789",
"@id": "CVE-2015-7789",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7789",
"@id": "CVE-2015-7789",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "WL-330NUL vulnerable to denial-of-service (DoS)"
}
JVNDB-2015-000193
Vulnerability from jvndb - Published: 2015-12-09 14:41 - Updated:2016-01-13 17:37
Severity
Summary
WL-330NUL vulnerable to remote command execution
Details
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a remote command execution vulnerability.
TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000193.html",
"dc:date": "2016-01-13T17:37+09:00",
"dcterms:issued": "2015-12-09T14:41+09:00",
"dcterms:modified": "2016-01-13T17:37+09:00",
"description": "WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a remote command execution vulnerability.\r\n\r\nTAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000193.html",
"sec:cpe": {
"#text": "cpe:/a:misc:asus_japan_wl-330nul",
"@product": "WL-330NUL",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2015-000193",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN34489380/index.html",
"@id": "JVN#34489380",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7788",
"@id": "CVE-2015-7788",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7788",
"@id": "CVE-2015-7788",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "WL-330NUL vulnerable to remote command execution"
}
JVNDB-2015-000192
Vulnerability from jvndb - Published: 2015-12-09 14:38 - Updated:2016-01-13 17:37
Severity
Summary
WL-330NUL information management vulnerability
Details
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management.
TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000192.html",
"dc:date": "2016-01-13T17:37+09:00",
"dcterms:issued": "2015-12-09T14:38+09:00",
"dcterms:modified": "2016-01-13T17:37+09:00",
"description": "WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management.\r\n\r\nTAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000192.html",
"sec:cpe": {
"#text": "cpe:/a:misc:asus_japan_wl-330nul",
"@product": "WL-330NUL",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2015-000192",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN69462495/index.html",
"@id": "JVN#69462495",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7787",
"@id": "CVE-2015-7787",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7787",
"@id": "CVE-2015-7787",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "WL-330NUL information management vulnerability"
}
JVNDB-2015-000012
Vulnerability from jvndb - Published: 2015-01-27 14:24 - Updated:2015-06-17 16:42Summary
Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery
Details
Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability.
Masashi Sakai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000012.html",
"dc:date": "2015-06-17T16:42+09:00",
"dcterms:issued": "2015-01-27T14:24+09:00",
"dcterms:modified": "2015-06-17T16:42+09:00",
"description": "Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability.\r\n\r\nMasashi Sakai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000012.html",
"sec:cpe": [
{
"#text": "cpe:/h:misc:asus_japan_rt-ac56s",
"@product": "RT-AC56S",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-ac68u",
"@product": "RT-AC68U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-ac87u",
"@product": "RT-AC87U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-n56u",
"@product": "RT-N56U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-n66u",
"@product": "RT-N66U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000012",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN32631078/index.html",
"@id": "JVN#32631078",
"@source": "JVN"
},
{
"#text": "//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7270",
"@id": "CVE-2014-7270",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7270",
"@id": "CVE-2014-7270",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery"
}
JVNDB-2015-000011
Vulnerability from jvndb - Published: 2015-01-27 14:23 - Updated:2015-06-17 16:42Summary
Multiple ASUS wireless LAN routers vulnerable to OS command injection
Details
Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability.
Masashi Sakai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000011.html",
"dc:date": "2015-06-17T16:42+09:00",
"dcterms:issued": "2015-01-27T14:23+09:00",
"dcterms:modified": "2015-06-17T16:42+09:00",
"description": "Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability.\r\n\r\nMasashi Sakai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000011.html",
"sec:cpe": [
{
"#text": "cpe:/h:misc:asus_japan_rt-ac56s",
"@product": "RT-AC56S",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-ac68u",
"@product": "RT-AC68U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-ac87u",
"@product": "RT-AC87U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-n56u",
"@product": "RT-N56U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:misc:asus_japan_rt-n66u",
"@product": "RT-N66U",
"@vendor": "ASUS JAPAN Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000011",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN77792759/index.html",
"@id": "JVN#77792759",
"@source": "JVN"
},
{
"#text": "//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7269",
"@id": "CVE-2014-7269",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7269",
"@id": "CVE-2014-7269",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple ASUS wireless LAN routers vulnerable to OS command injection"
}