Asuswrt

This hub aggregates every CVE we track for Asuswrt, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Hardware Firmware

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH5CRITICAL5

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 10 most recently published vulnerabilities affecting Asuswrt.

CVE-2022-26376A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can l...9.8Aug 5, 2022
CVE-2018-20333An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the...7.5Mar 20, 2020
CVE-2018-20335An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.7.5Mar 20, 2020
CVE-2018-20334An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using...9.8Mar 20, 2020
CVE-2017-15656Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.8.8Jan 31, 2018
CVE-2017-15655Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously dis...9.6Jan 31, 2018
CVE-2017-15654Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.8.3Jan 31, 2018
CVE-2017-15653Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing admi...8.8Jan 31, 2018
CVE-2018-6000An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, whi...9.8Jan 22, 2018
CVE-2018-5999An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.9.8Jan 22, 2018

Product normalization is registry-driven with AI assist and human review. How it works