Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
Asus

rt-ac86u

7 Versions 16 CVEs

Versions

3.0.0.4_386_51529

OTHER 3 CVEs

earlier

OTHER 2 CVEs

3.0.0.4.386.51255

OTHER 2 CVEs

0

SINGLE_NUMBER 1 CVE

3.0.0.4.386.51529

OTHER 5 CVEs

3.0.0.4.386_51915

OTHER 2 CVEs

3.0.0.4.386.45956

OTHER 3 CVEs

Recent CVEs

CVE-2024-3080

Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device.

CRITICAL Jun 14, 2024

CVE-2024-3079

Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device.

HIGH Jun 14, 2024

CVE-2024-0401

ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000.

HIGH May 20, 2024

CVE-2023-39239

It is identified a format string vulnerability in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service.

HIGH Sep 07, 2023

CVE-2023-39237

ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

HIGH Sep 07, 2023

CVE-2023-39236

ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.

HIGH Sep 07, 2023

CVE-2023-35087

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

CRITICAL Jul 21, 2023

CVE-2023-35086

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

HIGH Jul 21, 2023