exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 49 RSS Feed

Files

ASUS Router Authentication Bypass / Cross Site Scripting
Posted Feb 22, 2014
Authored by Harry Sintonen

ASUS routers suffer from authentication bypass and cross site scripting vulnerabilities, among the recent flurry of other issues that have surfaced.

tags | exploit, vulnerability, xss, bypass
SHA-256 | 6edc73bc09482eb4146ba7e7fb7884eac6f18e8dcfb66db1d1ad2bd22fd6087e

Related Files

ASUS DisplayWidget Software 3.4.0.036 Unquoted Service Path
Posted Jun 22, 2021
Authored by Julio Avina

ASUS DisplayWidget Software version 3.4.0.036 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 135ba30154d912ebba59d90f64e69e8603c68e4fe97a3c97544d7e7cd1e8da2f
ASUS Remote Link 1.1.2.13 Remote Code Execution
Posted Feb 25, 2021
Authored by H4rk3nz0

ASUS Remote Link version 1.1.2.13 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 1a5ce5f0862db47d2e5496fc7bc55a8224b182341334fc196f04fe6b19a14c3b
ASUS TM-AC1900 Arbitrary Command Execution
Posted Nov 13, 2020
Authored by b1ack0wl | Site metasploit.com

This Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses the patch for CVE-2018-9285.

tags | exploit, web, cgi, code execution
advisories | CVE-2018-9285
SHA-256 | ffe065bd21f5291ffd2dce01466f14f19a9e8833bf6d4dc92c47a3e0d3858343
ASUS AAHM 1.00.22 Unquoted Service Path
Posted Mar 12, 2020
Authored by Roberto Pina

ASUS AAHM version 1.00.22 suffers from an asHmComSvc unquoted service path vulnerability.

tags | exploit
SHA-256 | 7061a92b5d851ade994bca58f7bebc8788b9504cb2b12282bffdd7251c45a92c
ASUS AXSP 1.02.00 Unquoted Service Path
Posted Mar 11, 2020
Authored by Roberto Pina

ASUS AXSP version 1.02.00 suffers from an asComSvc unquoted service path vulnerability.

tags | exploit
SHA-256 | d6ff93ad584a3de21fd268257258b5f490e76ad00f19eaff8a596e4cadbf2152
ASUS GiftBox Desktop 1.1.1.127 Unquoted Service Path
Posted Mar 6, 2020
Authored by Oscar Flores

ASUS GiftBox Desktop version 1.1.1.127 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | aa757794fb7ccb8f8d65d62327cceb9fc1444a24d563bd648154d437114f227b
ASUS HM Com Service 1.00.31 Unquoted Service Path
Posted Nov 17, 2019
Authored by Olimpia Saucedo

ASUS HM Com Service version 1.00.31 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | e4a2db26429569fb959f0dca08cbe6ed4dcc0c2f8131fcd8633d5ae5e7b7abf7
ASUS RT-N10+ 2.0.3.4 CSRF / XSS / Command Execution
Posted Oct 14, 2019
Authored by Matheus Vrech

ASUS RT-N10+ with firmware version 2.0.3.4 suffers from cross site request forgery and cross site scripting vulnerabilities that can assist with achieving command execution.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 180bc134d00505aeee98979c9045c6ba75f0c0fb8e0cbf15853e5e72014cac0b
Asus Precision TouchPad 11.0.0.25 Denial Of Service / Privilege Escalation
Posted Aug 30, 2019
Authored by Athanasios Tserpelis

Asus Precision TouchPad version 11.0.0.25 suffers from denial of service and privilege escalation via pool overflow vulnerabilities.

tags | exploit, denial of service, overflow, vulnerability
advisories | CVE-2019-10709
SHA-256 | 781fa5fb4c090fbf82b363a4a66c005d97b1e04a7867c3bca917aeebee30c6fa
ASUS HG100 Denial Of Service
Posted Apr 17, 2019
Authored by Yint Wang

ASUS HG100 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-11492
SHA-256 | 118b077cce2f6f305f8ed7084fa284e217f384e8566233b52b812c3044df38bf
ASUSTOR NAS ADM 3.1.0 Remote Command Execution / SQL Injection
Posted Aug 14, 2018
Authored by Kyle Lovett

ASUSTOR NAS ADM version 3.1.0 suffers from code execution and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection
advisories | CVE-2018-11509, CVE-2018-11510, CVE-2018-11511
SHA-256 | 1644681fa9ff008830ac7ddad2b94c3263d391b10d2e6962b1b9eaf1341a36be
ASUS DSL-N12E_C1 1.1.2.3_345 Remote Command Execution
Posted Aug 2, 2018
Authored by Fakhri Zulkifli

ASUS DSL-N12E_C1 version 1.1.2.3_345 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | 4091ebc65733876d21ca6215fd2aebb322cee246abdd11ff7f6b8a5f4963158c
AsusWRT RT-AC750GF Cross Site Request Forgery
Posted Jun 25, 2018
Authored by Wadeek

AsusWRT RT-AC750GF suffers from a cross site request forgery vulnerability in the change admin password flow.

tags | exploit, csrf
SHA-256 | 363560f7c28221e14f216c3e9133cd294040a8d4e3874784d921d8085a9c6803
ASUSTOR ADM 3.1.0.RFQ3 Chained Remote Code Execution
Posted May 2, 2018
Authored by Matthew F

ASUSTOR ADM versions 3.1.0.RFQ3 and below chained exploit that leverages stored cross site scripting, cross site request forgery, path traversal, and file upload vulnerabilities.

tags | exploit, vulnerability, xss, file upload, csrf
SHA-256 | fde4398e7091167691978b80ba156992eb0178ba24e6cfc20e75f8e0b0d810b8
ASUS infosvr Authentication Bypass Command Execution
Posted Apr 21, 2018
Authored by jduck, Friedrich Postelstorfer | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in the infosvr service running on UDP port 9999 on various ASUS routers to execute arbitrary commands as root. This Metasploit module launches the BusyBox Telnet daemon on the port specified in the TelnetPort option to gain an interactive remote shell. This Metasploit module was tested successfully on an ASUS RT-N12E with firmware version 2.0.0.35. Numerous ASUS models are reportedly affected, but untested.

tags | exploit, remote, arbitrary, shell, root, udp, bypass
advisories | CVE-2014-9583
SHA-256 | 0fd9b3969b4bf0e960fb66268aea32b78e442d90a8d93e78895e7611291a8f43
AsusWRT LAN Unauthenticated Remote Code Execution
Posted Feb 23, 2018
Authored by Pedro Ribeiro | Site metasploit.com

The HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to perform a POST in certain cases. This can be combined with another vulnerability in the VPN configuration upload routine that sets NVRAM configuration variables directly from the POST request to enable a special command mode. This command mode can then be abused by sending a UDP packet to infosvr, which is running on port UDP 9999 to directly execute commands as root. This exploit leverages that to start telnetd in a random port, and then connects to it. It has been tested with the RT-AC68U running AsusWRT Version 3.0.0.4.380.7743.

tags | exploit, web, root, udp
advisories | CVE-2018-5999, CVE-2018-6000
SHA-256 | 6da7c92100a89101fa69018aa3816aa9505957ebeb1384b2e303db3bf235ef0c
Asus Router Cross Site Script / Authentication Bypass
Posted Jan 26, 2018
Authored by 4TT4CK3R

ASUS router DSL-RT-N13 suffers from an authentication bypass vulnerability. ASUS router DSL-N14U B1 suffers from a cross site scripting vulnerability.

tags | exploit, xss, bypass
SHA-256 | ecd0df4f22f0d4912a1afa3664402f13bcaad09a5016db632a5a8c7a042a6edc
AsusWRT Router Remote Code Execution
Posted Jan 26, 2018
Authored by Pedro Ribeiro

AsusWRT Router versions prior to 3.0.0.4.380.7743 suffer from an unauthenticated LAN remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-5999, CVE-2018-6000
SHA-256 | d1c7e3083bad3b151c9ec2e284e0a81a21a91275554106af01e0a4934e1d7a8e
ASUSWRT 3.0.0.4.382.18495 Session Hijacking / Information Disclosure
Posted Jan 16, 2018
Authored by Blazej Adamczyk

ASUSWRT versions 3.0.0.4.382.18495 and below suffer from predictable session tokens, failed IP validation, plain text password storage, and information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
systems | unix
advisories | CVE-2017-15653, CVE-2017-15654, CVE-2017-15655, CVE-2017-15656
SHA-256 | bd23232ee99e738d3f84b1fd3f3d388227c546aff375b18addd0d8e6dc43e90f
ASUS Routers CSRF / Information Disclosure
Posted May 10, 2017
Authored by Yakov Shafranovich | Site wwws.nightwatchcybersecurity.com

ASUS routers suffer from cross site request forgery and information disclosure vulnerabilities. Versions affected include RT-AC55U, RT-AC56R, RT-AC56S, RT-AC56U, RT-AC66U, RT-AC88U, RT-AC66R, RT-AC66U, RT-AC66W, RT-AC68W, RT-AC68P, RT-AC68R, RT-AC68U, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC53U, RT-AC1900P, RT-AC3100, RT-AC3200, RT-AC5300, RT-N11P, RT-N12 (D1 version only), RT-N12+, RT-N12E, RT-N18U, RT-N56U, RT-N66R, RT-N66U (B1 version only), and RT-N66W.

tags | exploit, vulnerability, file inclusion, info disclosure, csrf
advisories | CVE-2017-5891, CVE-2017-5892
SHA-256 | c234e4d0097a292327004469b2284cab90e82e534ca260fba018cd3bf48a7f3c
ASUS RT-N10 CSRF / Code Execution / XSS / Open Redirection
Posted Sep 15, 2016
Authored by MustLive

ASUS RT-N10 routers suffer from code execution, cross site request forgery, open redirection, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss, csrf
SHA-256 | dcdcb2b75c0284cb708af0e9f786968b3347b8b5d0a0914ab6939ef508380ad5
ASUS DSL-X11 ADSL Router Unauthenticated Remote DNS Changer
Posted Sep 13, 2016
Authored by Todor Donev

ASUS DSL-X11 ADSL router unauthenticated remote DNS changer exploit.

tags | exploit, remote
SHA-256 | 93f34477ca80d1b371bd59eec1b073b39526d51e18f1d4b32ba199d040c8d367
AsusTEK asio.sys MSR Manipulation
Posted Mar 21, 2016
Authored by 0x3d5157636b525761

AsusTEK asio.sys driver accepts IOCTLs that allow the user to freely manipulate MSRs.

tags | advisory
SHA-256 | 325593d3acbc08d615dd99f440693508f61114fcd70ff4a0997008168a95e16c
ASUS Router Administrative Interface Exposure
Posted Feb 11, 2016
Authored by David Longenecker

ASUS wireless routers running ASUSWRT firmware have a design flaw in which the administrator web interface may be open to the public Internet even if you have specifically disabled web access from the WAN.

tags | advisory, web
SHA-256 | acefe4f7da5e0a9ebebc7265a613a32f86d3d8d789508910725b215e88ef92d7
ASUS RT-N56U 3.0.0.4.374_239 Cross Site Scripting
Posted Feb 4, 2016
Authored by Nicholas Lehman

ASUS RT-N56U version 3.0.0.4.374_239 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 87441652c6842207664db5e93c4cca7115dd476b58654fed698224aba77c8880
Page 1 of 2
Back12Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    8 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close