header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

ASUS ASMB8 iKVM 1.14.51 – Remote Code Execution (RCE) & SSH Access

A vulnerability was found in ASUS ASMB8 iKVM firmware version 1.14.51 and possibly others, allowing for Remote Code Execution (RCE) via SNMP arbitrary extensions. By exploiting this vulnerability, an attacker can run commands on the system with root privileges and introduce a new user to bypass SSH restrictions. Additionally, a hardcoded account 'sysadmin:superuser' was discovered. The vulnerability is identified as CVE-2023-26602.

AsusWRT LAN Unauthenticated Remote Code Execution

The HTTP server in AsusWRT allows an unauthenticated client to perform a POST request, which can be combined with a vulnerability in the VPN configuration upload routine to enable a special command mode. This command mode can then be abused to execute commands as root by sending a UDP packet to infosvr on port UDP 9999. This exploit leverages that to start telnetd in a random port and connect to it. It has been tested with the RT-AC68U running AsusWRT Version 3.0.0.4.380.7743.

ASUS infosvr Auth Bypass Command Execution

This module exploits an authentication bypass vulnerability in the infosvr service running on UDP port 9999 on various ASUS routers to execute arbitrary commands as root.This module launches the BusyBox Telnet daemon on the port specified in the TelnetPort option to gain an interactive remote shell.This module was tested successfully on an ASUS RT-N12E with firmware version 2.0.0.35.Numerous ASUS models are reportedly affected, but untested.

ASUS AAHM 1.00.22 – ‘asHmComSvc’ Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

ASUS AXSP 1.02.00 – ‘asComSvc’ Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

ASUS GiftBox Desktop 1.1.1.127 – ‘ASUSGiftBoxDesktop’ Unquoted Service Path

A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

ASUS HM Com Service 1.00.31 – ‘asHMComSvc’ Unquoted Service Path

The application suffers from an unquoted service path issue impacting the service 'ASUS HM Com Service (aaHMSvc.exe)' related to the Asus Motherboard Utilities. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with system privileges.

Asus GameSDK v1.0.0.4 – ‘GameSDK.exe’ Unquoted Service Path

If an attacker had already compromised the system and the current user has the privileges to write in the 'C:Program Files (x86)ASUS' folder or in 'C:', he could place his own 'Program.exe' or 'GameSDK.exe' files respectively, and when the service starts, it would launch the malicious file, rather than the original 'GameSDK.exe'.

ASUSWRT 3.0.0.4.376_1071 LAN Backdoor Command Execution

A service called 'infosvr' listens on port 9999 on the LAN bridge. Normally this service is used for device discovery using the 'ASUS Wireless Router Device Discovery Utility', but this service contains a feature that allows an unauthenticated user on the LAN to execute commands <= 237 bytes as root. Source code is in asuswrt/release/src/router/infosvr. 'iboxcom.h' is in asuswrt/release/src/router/shared.

Recent Exploits: