Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

rt-n16

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

9
Related CVEsRelated VendorsRelated AssignersReports
9Vulnerabilities found
CVE-2018-20333
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.07%
||
7 Day CHG~0.00%
Published-20 Mar, 2020 | 00:11
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.

Action-Not Available
Vendor-n/aASUS (ASUSTeK Computer Inc.)
Product-rt-ac1750rt-ax3000rt-n56rrt-acrh13rt-ac1200gert-ac66urt-ac1200grt-ac66rrt-ac1200rt-n10\+d1rt-ac3200rt-acrh12rt-n600rt-ac68urt-ac5300rt-ax88urt-n56urt-n19rt-ax92urt-ac68pgt-ac2900rt-n10ert-ac86urt-ac56srt-n65urt-ax56urt-ac56urt-n16rt-ac66u-b1rt-n14urt-ac55urt-ax58uasuswrtrt-ac88urt-ac87urt-ac56rrt-n66rrt-g32rt-n66urt-ac51urt-ac1900pgt-ax11000rt-ac3100rt-ac66u_b1rt-ac1750_b1rt-ac1200_v2gt-ac5300n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-20335
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.67% / 81.36%
||
7 Day CHG~0.00%
Published-20 Mar, 2020 | 00:11
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.

Action-Not Available
Vendor-n/aASUS (ASUSTeK Computer Inc.)
Product-rt-ac1750rt-ax3000rt-n56rrt-acrh13rt-ac1200gert-ac66urt-ac1200grt-ac66rrt-ac1200rt-n10\+d1rt-ac3200rt-acrh12rt-n600rt-ac68urt-ac5300rt-ax88urt-n56urt-n19rt-ax92urt-ac68pgt-ac2900rt-n10ert-ac86urt-ac56srt-n65urt-ax56urt-ac56urt-n16rt-ac66u-b1rt-n14urt-ac55urt-ax58uasuswrtrt-ac88urt-ac87urt-ac56rrt-n66rrt-g32rt-n66urt-ac51urt-ac1900pgt-ax11000rt-ac3100rt-ac66u_b1rt-ac1750_b1rt-ac1200_v2gt-ac5300n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-20334
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.70% / 87.47%
||
7 Day CHG~0.00%
Published-20 Mar, 2020 | 00:11
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.

Action-Not Available
Vendor-n/aASUS (ASUSTeK Computer Inc.)
Product-rt-ac1750rt-ax3000rt-n56rrt-acrh13rt-ac1200gert-ac66urt-ac1200grt-ac66rrt-ac1200rt-n10\+d1rt-ac3200rt-acrh12rt-n600rt-ac68urt-ac5300rt-ax88urt-n56urt-n19rt-ax92urt-ac68pgt-ac2900rt-n10ert-ac86urt-ac56srt-n65urt-ax56urt-ac56urt-n16rt-ac66u-b1rt-n14urt-ac55urt-ax58uasuswrtrt-ac88urt-ac87urt-ac56rrt-n66rrt-g32rt-n66urt-ac51urt-ac1900pgt-ax11000rt-ac3100rt-ac66u_b1rt-ac1750_b1rt-ac1200_v2gt-ac5300n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2013-3093
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.67%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 20:13
Updated-06 Aug, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ASUS RT-N56U devices allow CSRF.

Action-Not Available
Vendor-n/aASUS (ASUSTeK Computer Inc.)
Product-rt-n53rt-n10udsl-n55urt-n15urt-n16rt-ac66urt-n56urt-ac66u_firmwarert-n10u_firmwarert-n53_firmwarert-n16_firmwarert-n56u_firmwaredsl-n55u_firmwarert-n15u_firmwaren/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-12754
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-10.01% / 92.75%
||
7 Day CHG~0.00%
Published-09 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url.

Action-Not Available
Vendor-n/aAsuswrt-Merlin
Product-rt-ac1200rt-ac56urt-n12hprt-n300rt-ac51urt-n12\+rt-ac3200rt-n18urt-ac66urt-ac88urt-ac52urt-n66urt-ac55urt_ac1900prt-n56urt-ac66u_b1rt-ac3100rt-ac68urt-ac68prt-n12d1rt-n16rt-ac58uasuswrt-merlinrt-ac53rt_ac1200grt_n12\+_prort-ac5300rt-n12hp_b1rt_ac1200gun/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11420
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.61% / 92.99%
||
7 Day CHG~0.00%
Published-18 Jul, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list.

Action-Not Available
Vendor-asuswrt-merlin_projectn/a
Product-rt-ac56urt-ac1200rt-n300rt-n56u_firmwarert-ac3200rt-n12\+rt_ac1200g_firmwarert-ac3100_firmwarert-ac52urt-ac68u_firmwarert-ac66u_firmwarert-n66u_firmwarert-ac52u_firmwarert-ac66u_b1rt-ac68urt-ac53_firmwarert-ac68prt-ac58urt-n12d1_firmwarert_ac1200grt_n12\+_prort-ac5300rt-ac56u_firmwarert_n12\+_pro_firmwarert-ac3200_firmwarert_ac1900p_rt-ac68p_firmwarert-n12hp_b1rt_ac1200gurt-n12hprt-ac88u_firmwarert-ac51u_firmwarert-ac51urt-n18urt-ac88urt-ac66urt-ac58u_firmwarert-n66urt-ac1200_firmwarert-ac55urt-n12hp_firmwarert-n12\+_firmwarert-n300_firmwarert-n56urt-n16_firmwarert-ac66u_b1_firmwarert-ac3100rt_ac1900p_firmwarert-n12d1rt-n16rt-ac55u_firmwarert-ac53rt-ac5300_firmwarert-n18u_firmwarert-n12hp_b1_firmwarert_ac1200gu_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11345
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.35% / 79.30%
||
7 Day CHG~0.00%
Published-16 Jul, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response.

Action-Not Available
Vendor-asuswrt-merlin_projectn/a
Product-rt-ac56urt-ac1200rt-n300rt-n56u_firmwarert-ac3200rt-n12\+rt_ac1200g_firmwarert-ac3100_firmwarert-ac52urt-ac68u_firmwarert-ac66u_firmwarert-n66u_firmwarert-ac52u_firmwarert-ac66u_b1rt-ac68urt-ac53_firmwarert-ac68prt-ac58urt-n12d1_firmwarert_ac1200grt_n12\+_prort-ac5300rt-ac56u_firmwarert_n12\+_pro_firmwarert-ac3200_firmwarert_ac1900p_rt-ac68p_firmwarert-n12hp_b1rt_ac1200gurt-n12hprt-ac88u_firmwarert-ac51u_firmwarert-ac51urt-n18urt-ac88urt-ac66urt-ac58u_firmwarert-n66urt-ac1200_firmwarert-ac55urt-n12hp_firmwarert-n12\+_firmwarert-n300_firmwarert-n56urt-n16_firmwarert-ac66u_b1_firmwarert-ac3100rt_ac1900p_firmwarert-n12d1rt-n16rt-ac55u_firmwarert-ac53rt-ac5300_firmwarert-n18u_firmwarert-n12hp_b1_firmwarert_ac1200gu_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11344
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.19% / 77.95%
||
7 Day CHG~0.00%
Published-16 Jul, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response.

Action-Not Available
Vendor-asuswrt-merlin_projectn/a
Product-rt-ac56urt-ac1200rt-n300rt-n56u_firmwarert-ac3200rt-n12\+rt_ac1200g_firmwarert-ac3100_firmwarert-ac52urt-ac68u_firmwarert-ac66u_firmwarert-n66u_firmwarert-ac52u_firmwarert-ac66u_b1rt-ac68urt-ac53_firmwarert-ac68prt-ac58urt-n12d1_firmwarert_ac1200grt_n12\+_prort-ac5300rt-ac56u_firmwarert_n12\+_pro_firmwarert-ac3200_firmwarert_ac1900p_rt-ac68p_firmwarert-n12hp_b1rt_ac1200gurt-n12hprt-ac88u_firmwarert-ac51u_firmwarert-ac51urt-n18urt-ac88urt-ac66urt-ac58u_firmwarert-n66urt-ac1200_firmwarert-ac55urt-n12hp_firmwarert-n12\+_firmwarert-n300_firmwarert-n56urt-n16_firmwarert-ac66u_b1_firmwarert-ac3100rt_ac1900p_firmwarert-n12d1rt-n16rt-ac55u_firmwarert-ac53rt-ac5300_firmwarert-n18u_firmwarert-n12hp_b1_firmwarert_ac1200gu_firmwaren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4937
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.53% / 66.33%
||
7 Day CHG~0.00%
Published-26 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.

Action-Not Available
Vendor-n/aASUS (ASUSTeK Computer Inc.)
Product-rt-n16rt-n14u_firmwarert-n14urt-n56u_firmwarert-ac66u_firmwarert-n66u_firmwarert-n65udsl-n55udsl-n56u_firmwarert-n66urt-n65u_firmwarert-ac66urt-n56urt-n16_firmwaren/a