ASUS
Company Details
Linkedin ID:
asus
Website:
Employees number:
16,061
Number of followers:
987,332
NAICS:
3341
Industry Type:
Homepage:
asus.com
IP Addresses:
0
Company ID:
ASU_1959502
Scan Status:
In-progress
ASUS Company CyberSecurity Posture
asus.com
ASUS is a global technology leader delivering incredible experiences that enhance the lives of people everywhere. World renowned for continuously reimagining today’s technologies for tomorrow, ASUS puts users first In Search of Incredible to provide the world’s most innovative and intuitive devices, components, and solutions. Today’s ASUS is more ambitious than ever, unleashing remarkable gaming, content-creation, AIoT, and cloud solutions that solve user needs and infuse delight. ASUS is home to industry-leading experts who are encouraged to pursue their passion for innovation and entrepreneurial spirit to deliver the future of technology to the world. With a team of 5,000 in-house R&D colleagues, ASUS received more than 11 awards every day in 2020 and is ranked as one of Fortune’s World’s Most Admired Companies. Working together as One Team, ASUS team members strive to transform and evolve, trust in radical truth and transparency, and embrace idea meritocracy and foster collective wisdom in the limitless pursuit of the incredible. And because tomorrow's experiences start with today’s actions, the people of ASUS are setting new industry standards and delivering on a strong commitment to environmental and community stewardship every day. At ASUS, every individual can find the opportunity to push the limits of what is yet to be imagined, and to make it real. To learn more about our aspirations and what we offer, visit asus.com/about-asus/
ASUS A.I CyberSecurity Scoring
ASUS Risk Score (AI oriented)Between 650 and 699
ASUS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
ASUS Global Score (TPRM)XXXX
ASUS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
ASUS Company CyberSecurity News & History
Past Incidents
6
Attack Types
3
ASUS
Cyber Attack
Rankiteo Explanation
Attack threatening the economy of geographical region
Description: Thousands of expired ASUS routers (models like **4G-AC55U, GT-AX11000, RT-AC1300UHP**, etc.) were hijacked by **Chinese state-sponsored actors** into a botnet named **'Operation WrtHug'**, exploiting **n-day vulnerabilities (CVE-2023-41345, CVE-2024-12912, etc.)**. The attackers deployed a **self-signed 100-year TLS certificate** to mask their espionage traffic, turning compromised routers into a **globally distributed relay network** for cyber-espionage. The majority of affected devices were in **Taiwan and Southeast Asia**, aligning with geopolitical targeting interests. The botnet enabled hidden C2 infrastructure, resilient attack staging, and intrusions against high-value targets, posing risks to **national security, critical communications, and geopolitical stability**. No direct financial or customer data breaches were reported, but the campaign facilitated **large-scale covert surveillance and potential future attacks** on strategic entities.
Everest Ransomware Claims ASUS Breach and 1TB Data Theft
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: A new claim by the Everest ransomware group suggests that ASUS, one of the world’s largest hardware and electronics companies, has been compromised. According to a post on the group’s dark web leak site, they are in possession of more than 1TB of stolen data, which they say includes camera source code. In this case, “Camera Source Code” likely refers to proprietary firmware or software used in ASUS devices with built-in cameras, such as laptops or smartphones. This could include low-level control code for camera modules, internal drivers, or even entire applications tied to image processing or device integration. Everest Ransomware claiming ASUS breach (Image credit: Hackread.com) The group is demanding that ASUS contact them through Qtox, an encrypted messaging platform, and has given the company a 21-hour deadline to respond. No ransom amount has been made public, and there’s no clear indication yet of the specific contents or sensitivity of the alleged data. This claim adds to a series of recent announcements by Everest, which in the past two weeks alone have claimed responsibility for attacks on high-profile organisations, including Under Armour, Brazil’s Petrobras, and Spain’s Iberia airline. Those incidents involved user data, internal documentation, and what the group described as full network access. ASUS has not yet confirmed or denied the breach. Hackread.com has reached out to the company for comment and will update this story as more details become available.
ASUS
Vulnerability
Rankiteo Explanation
Attack without any consequences
Description: A security researcher discovered a major flaw in ASUS DriverHub, a tool that automatically downloads and installs the latest drivers for ASUS devices. The flaw allowed threat actors to execute malicious code on affected devices remotely. Although the vulnerability was limited to motherboards and did not affect laptops, desktop computers, or other endpoints, ASUS strongly recommended users to apply the patch. The vulnerability window had been open for an indeterminate period, but there were no reports of abuse in the wild.
ASUS: ASUS Live Update Vulnerability Misrepresented as New Threat: Details on CVE-2025-59374
Vulnerability
Rankiteo Explanation
Attack without any consequences
Description: **ASUS Live Update Vulnerability CVE-2025-59374: A Historical Supply-Chain Threat, Not a Current Risk** A recently resurfaced vulnerability, **CVE-2025-59374**, has sparked discussions in the cybersecurity community, though it stems from a **past supply-chain attack** rather than an active threat. The flaw is tied to **ASUS Live Update**, a now-defunct utility that once delivered system updates for ASUS computers. The attack, which occurred during the software’s operational period, involved **malicious code embedded in legitimate updates**, exploiting the utility’s trusted distribution network to gain unauthorized access to targeted systems. However, the vulnerability poses **no current risk**, as ASUS Live Update was **discontinued and phased out**, rendering the exploit obsolete. Despite its historical nature, **misleading headlines and misinterpretations** have led to confusion, with some sources incorrectly suggesting ongoing exploitation. Security researchers clarify that the incident reflects a **past breach of trusted update mechanisms**, not a present-day threat. The case underscores the risks of **supply-chain attacks** but does not impact modern ASUS systems or software. Organizations and users are advised to focus on **current vulnerability reports** and maintain routine software audits to address active risks. CVE-2025-59374 remains relevant only as a **historical reference** for security assessments.
ASUS
Vulnerability
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: ASUS disclosed a critical security vulnerability (CVE-2025-59373, CVSS 8.5) in its **MyASUS application**, specifically within the **ASUS System Control Interface Service**. This flaw allows local attackers with low-level access to escalate privileges to **SYSTEM-level**, granting full control over affected Windows devices. Exploitation requires no user interaction and has low attack complexity, posing severe risks in corporate environments where a single compromised endpoint could enable broader network intrusion.The vulnerability affects **millions of ASUS devices globally**, including desktops, laptops, NUCs, and All-in-One PCs. Attackers gaining SYSTEM privileges could execute arbitrary code, install malware, steal sensitive data, or modify system configurations. While ASUS has released patches (versions **3.1.48.0 for x64** and **4.2.48.0 for ARM**), unpatched systems remain at high risk of privilege-escalation attacks, potentially leading to lateral movement across enterprise networks.Organizations are urged to prioritize patching and monitor for suspicious activity, as the flaw’s high severity and ease of exploitation make it a prime target for cybercriminals.
ASUS
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: ASUS disclosed a **critical authentication bypass vulnerability (CVE-2025-59367)** in multiple DSL-series routers (DSL-AC51, DSL-N16, DSL-AC750), allowing unauthenticated remote attackers to bypass credentials and gain full administrative access. The flaw, rated as low-complexity, exposes unpatched devices connected to the internet to potential compromise. While no in-the-wild exploitation has been confirmed, ASUS urged immediate firmware updates (version 1.1.2.3_1010) to mitigate risks. Users unable to patch were advised to disable internet-facing services (WAN access, port forwarding, VPN, DMZ, etc.) and enforce strong passwords to prevent unauthorized access.The vulnerability poses a significant risk of routers being hijacked for **botnet recruitment** or **DDoS campaigns**, a trend highlighted by past incidents like the *Vicious Trap* group exploiting older ASUS flaws (CVE-2023-39780, CVE-2021-32030) to backdoor thousands of devices for the *AyySSHush* botnet. ASUS also patched a similar high-risk flaw (CVE-2025-2492) earlier this year, reinforcing the persistent targeting of consumer networking hardware by threat actors. Failure to patch could lead to large-scale device compromise, enabling attackers to pivot into broader network intrusions or disrupt services.
ASUS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for ASUS
Incidents vs Computer Hardware Manufacturing Industry Average (This Year)
ASUS has 589.66% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
ASUS has 412.82% more incidents than the average of all companies with at least one recorded incident.
Incident Types ASUS vs Computer Hardware Manufacturing Industry Avg (This Year)
ASUS reported 4 incidents this year: 0 cyber attacks, 1 ransomware, 3 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — ASUS (X = Date, Y = Severity)
ASUS cyber incidents detection timeline including parent company and subsidiaries
ASUS Company Subsidiaries
ASUS is a global technology leader delivering incredible experiences that enhance the lives of people everywhere. World renowned for continuously reimagining today’s technologies for tomorrow, ASUS puts users first In Search of Incredible to provide the world’s most innovative and intuitive devices, components, and solutions. Today’s ASUS is more ambitious than ever, unleashing remarkable gaming, content-creation, AIoT, and cloud solutions that solve user needs and infuse delight. ASUS is home to industry-leading experts who are encouraged to pursue their passion for innovation and entrepreneurial spirit to deliver the future of technology to the world. With a team of 5,000 in-house R&D colleagues, ASUS received more than 11 awards every day in 2020 and is ranked as one of Fortune’s World’s Most Admired Companies. Working together as One Team, ASUS team members strive to transform and evolve, trust in radical truth and transparency, and embrace idea meritocracy and foster collective wisdom in the limitless pursuit of the incredible. And because tomorrow's experiences start with today’s actions, the people of ASUS are setting new industry standards and delivering on a strong commitment to environmental and community stewardship every day. At ASUS, every individual can find the opportunity to push the limits of what is yet to be imagined, and to make it real. To learn more about our aspirations and what we offer, visit asus.com/about-asus/
Loading...
ASUS Similar Companies
Since its founding in 1993, NVIDIA (NASDAQ: NVDA) has been a pioneer in accelerated computing. The company’s invention of the GPU in 1999 sparked the growth of the PC gaming market, redefined computer graphics, ignited the era of modern AI and is fueling the creation of the metaverse. NVIDIA is now
Seagate is a leader in mass-capacity data storage. We’ve delivered more than four and a half billion terabytes of capacity over the past four decades. We make storage that scales, bringing trust and integrity to innovations that depend on data. In an era of unprecedented creation, Seagate stores inf
Western Digital
At Western Digital, our vision is to unleash the power and value of data. For decades, we have been at the forefront of storage innovation, which fuels our mission to be the market leader in data storage, delivering solutions for now and the future. We are committed to providing scalable, sustainabl
.png)
ASUS CyberSecurity News
December 18, 2025 02:38 PM
CISA Adds ASUS Embedded Malicious Code Vulnerability to KEV List Following Active Exploitation
CISA has added an actively exploited ASUS Live Update flaw to its Known Exploited Vulnerabilities catalog, warning of increased risk.
December 18, 2025 02:05 PM
A poisoned Asus utility tool was found online
CISA reveals warning on Asus software flaw, here's what you need to do to stay safe.
December 18, 2025 10:18 AM
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities...
December 18, 2025 10:07 AM
Actively Exploited ASUS Vulnerability Added to CISA’s KEV List
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical ASUS vulnerability to its Known Exploited Vulnerabilities...
December 18, 2025 06:47 AM
CISA Warns of Critical Vulnerabilities in Cisco, SonicWall, and ASUS Devices
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert including three new vulnerabilities in its catalog...
December 18, 2025 05:01 AM
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known...
December 13, 2025 04:04 AM
New Android Malware, ASUS Breach, and More: This Week in Cybersecurity
New Android spyware, a supplier breach tied to Asus, and a botnet menacing maritime systems. 13.12.2025 ForkLog. The week's key cybersecurity developments.
December 06, 2025 08:00 AM
Asus Faces Hack Involving Company Supplier
Asus reported the breach, which involves its phone camera technology, after a ransomware group claimed to have stolen over 1TB of data from...
December 04, 2025 03:57 AM
Taiwan's Asus confirms cyberattack did not affect user privacy
TAIPEI (Taiwan News) — Taiwanese electronics manufacturer Asus on Wednesday clarified that a recent cyberattack did not affect its products,...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
ASUS CyberSecurity History Information
Official Website of ASUS
The official website of ASUS is http://www.asus.com.
ASUS’s AI-Generated Cybersecurity Score
According to Rankiteo, ASUS’s AI-generated cybersecurity score is 674, reflecting their Weak security posture.
How many security badges does ASUS’ have ?
According to Rankiteo, ASUS currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does ASUS have SOC 2 Type 1 certification ?
According to Rankiteo, ASUS is not certified under SOC 2 Type 1.
Does ASUS have SOC 2 Type 2 certification ?
According to Rankiteo, ASUS does not hold a SOC 2 Type 2 certification.
Does ASUS comply with GDPR ?
According to Rankiteo, ASUS is not listed as GDPR compliant.
Does ASUS have PCI DSS certification ?
According to Rankiteo, ASUS does not currently maintain PCI DSS compliance.
Does ASUS comply with HIPAA ?
According to Rankiteo, ASUS is not compliant with HIPAA regulations.
Does ASUS have ISO 27001 certification ?
According to Rankiteo,ASUS is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of ASUS
ASUS operates primarily in the Computer Hardware Manufacturing industry.
Number of Employees at ASUS
ASUS employs approximately 16,061 people worldwide.
Subsidiaries Owned by ASUS
ASUS presently has no subsidiaries across any sectors.
ASUS’s LinkedIn Followers
ASUS’s official LinkedIn profile has approximately 987,332 followers.
NAICS Classification of ASUS
ASUS is classified under the NAICS code 3341, which corresponds to Computer and Peripheral Equipment Manufacturing.
ASUS’s Presence on Crunchbase
No, ASUS does not have a profile on Crunchbase.
ASUS’s Presence on LinkedIn
Yes, ASUS maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/asus.
Cybersecurity Incidents Involving ASUS
As of December 23, 2025, Rankiteo reports that ASUS has experienced 6 cybersecurity incidents.
Number of Peer and Competitor Companies
ASUS has an estimated 1,162 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at ASUS ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack, Ransomware, Malware and Vulnerability.
How does ASUS detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with recommended users to apply the patch, and and containment measures with firmware update (version 1.1.2.3_1010) for dsl-ac51, dsl-n16, dsl-ac750, containment measures with disabling internet-accessible services (remote wan, port forwarding, ddns, vpn, dmz, port triggering, ftp) for unpatchable devices, containment measures with recommending strong passwords, avoiding credential reuse, and regular update checks, and remediation measures with firmware patch, remediation measures with security hardening guidance for end-of-life devices, and communication strategy with public advisory via asus support portal, communication strategy with networking page notifications, communication strategy with media outreach, and incident response plan activated with collaboration between securityscorecard and asus, and third party assistance with securityscorecard, and communication strategy with public disclosure via securityscorecard/asus report, communication strategy with media coverage (e.g., techradar), and containment measures with patch deployment (asus system control interface v3.1.48.0 for x64, v4.2.48.0 for arm), and remediation measures with urgent patch application via windows update, remediation measures with monitoring for suspicious activity, and communication strategy with public disclosure, communication strategy with user advisory for patch verification, and enhanced monitoring with recommended for exploitation attempts, and remediation measures with software product phased out and retired..
Incident Details
Can you provide details on each incident ?
Title: ASUS Software Update Malware Distribution
Description: Hundreds of thousands of consumers of the Taiwan-based electronics giant ASUS received the malware through the company's dependable automatic software update programme after an attacker took over the company's server and used it to distribute it to devices.
Type: Malware Distribution
Attack Vector: Supply Chain Attack
Vulnerability Exploited: Compromised Update Server
Title: ASUS DriverHub Vulnerability
Description: A security researcher discovered a major flaw in ASUS DriverHub, a tool that automatically downloads and installs the latest drivers for ASUS devices. The flaw allowed threat actors to execute malicious code on affected devices remotely. Although the vulnerability was limited to motherboards and did not affect laptops, desktop computers, or other endpoints, ASUS strongly recommended users to apply the patch. The vulnerability window had been open for an indeterminate period, but there were no reports of abuse in the wild.
Type: Vulnerability Exploit
Attack Vector: Remote Code Execution
Vulnerability Exploited: Flaw in ASUS DriverHub
Title: Critical Authentication Bypass Flaw in ASUS DSL-Series Routers (CVE-2025-59367)
Description: ASUS has issued new firmware updates to fix a critical authentication bypass flaw (CVE-2025-59367) affecting multiple DSL-series routers (DSL-AC51, DSL-N16, DSL-AC750). The vulnerability allows unauthenticated attackers to remotely log into impacted routers without user interaction. ASUS urged users to immediately install firmware version 1.1.2.3_1010 or disable internet-facing services if patching is not possible. While no in-the-wild exploitation has been reported, router vulnerabilities are frequent targets for botnet operators (e.g., Vicious Trap's AyySSHush botnet exploiting older ASUS flaws CVE-2023-39780 and CVE-2021-32030).
Type: Vulnerability
Attack Vector: NetworkRemote
Vulnerability Exploited: CVE-2025-59367 (Authentication Bypass in DSL-series routers)
Title: Operation WrtHug: Thousands of expired ASUS routers hijacked into cyber-espionage botnet
Description: Thousands of expired ASUS routers are being hijacked and assimilated into a botnet ('Operation WrtHug') used as infrastructure for cyber-espionage operations. Chinese state-sponsored actors exploited multiple n-day vulnerabilities (CVE-2023-41345, CVE-2023-41346, CVE-2023-41347, CVE-2023-41348, CVE-2024-12912, CVE-2025-2492) to deploy a self-signed TLS certificate with a 100-year expiration date. The compromised routers form a relay network, primarily in Taiwan and Southeast Asia, enabling espionage traffic routing, origin obfuscation, and resilient C2 infrastructure for attacks against high-value geopolitical targets.
Type: botnet
Attack Vector: exploitation of n-day vulnerabilitiesend-of-life (EOL) device targetingself-signed TLS certificate abuse (100-year validity)
Vulnerability Exploited: CVE-2023-41345CVE-2023-41346CVE-2023-41347CVE-2023-41348CVE-2024-12912CVE-2025-2492
Threat Actor: Chinese state-sponsored actors
Motivation: cyber-espionagegeopolitical targetingresilient C2 infrastructure
Title: Critical Privilege Escalation Vulnerability in ASUS MyASUS Application (CVE-2025-59373)
Description: ASUS has disclosed a critical security vulnerability (CVE-2025-59373, CVSS 8.5) in its MyASUS application, enabling local attackers to escalate privileges to SYSTEM-level access on affected Windows devices. The flaw resides in the ASUS System Control Interface Service, a core component managing hardware settings. Exploitation requires local access with low privileges but grants full system control, posing high risks for confidentiality, integrity, and availability. Patches (v3.1.48.0 for x64, v4.2.48.0 for ARM) are available via Windows Update. Organizations are urged to prioritize deployment due to the high-severity rating and potential for lateral network intrusion in corporate environments.
Type: Vulnerability
Attack Vector: Local
Vulnerability Exploited: Cve Id: CVE-2025-59373, Cvss Score: 8.5 (High), Affected Component: ASUS System Control Interface Service (MyASUS), Local accessLow privilegesAttack Complexity: Low, User Interaction Required: False.
Title: Everest Ransomware Group Claims ASUS Breach
Description: A new claim by the Everest ransomware group suggests that ASUS, one of the world’s largest hardware and electronics companies, has been compromised. The group claims to possess more than 1TB of stolen data, including camera source code for ASUS devices with built-in cameras. ASUS has been given a 21-hour deadline to respond via Qtox, an encrypted messaging platform.
Type: Ransomware
Threat Actor: Everest Ransomware Group
Motivation: Extortion
Title: ASUS Live Update Supply-Chain Attack (CVE-2025-59374)
Description: A supply-chain attack on the ASUS Live Update utility where attackers exploited its distribution network to embed malicious code via updates considered legitimate. The incident involved an End-of-Life (EoL) software product and does not represent a contemporary or emerging threat.
Type: Supply-Chain Attack
Attack Vector: Malicious update distribution via trusted software utility
Vulnerability Exploited: CVE-2025-59374
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Compromised Update Server, Improper access request validation in router firmware and exploited n-day vulnerabilities in ASUS routers.
Impact of the Incidents
What was the impact of each incident ?
Incident : Malware Distribution ASU15138323
Systems Affected: Hundreds of thousands of devices
Incident : Vulnerability Exploit ASU558051425
Systems Affected: Motherboards
Incident : Vulnerability ASU5132951111725
Systems Affected: ASUS DSL-AC51ASUS DSL-N16ASUS DSL-AC750Potentially other DSL-series routers
Operational Impact: Unauthorized remote access to router management interfacesRisk of router hijacking for botnets/DDoS campaigns
Brand Reputation Impact: Potential erosion of trust due to unpatched vulnerabilitiesAssociation with botnet risks (e.g., AyySSHush)
Incident : botnet ASU1192111111925
Systems Affected: thousands of ASUS routers
Operational Impact: routers repurposed as relay nodes for espionage trafficobfuscation of threat actor originpotential staging for high-value attacks
Brand Reputation Impact: potential reputational damage to ASUS due to exploited EOL devices
Incident : Vulnerability ASU2932929112625
Systems Affected: ASUS personal computers (desktops, laptops, NUC systems, All-in-One PCs) running MyASUS
Operational Impact: High (potential for arbitrary code execution, malware installation, lateral network movement)
Brand Reputation Impact: Potential risk due to high-severity vulnerability
Incident : Ransomware ASU1764705548
Data Compromised: 1TB of data, including camera source code
Incident : Supply-Chain Attack ASU1766433512
Brand Reputation Impact: Historical impact on ASUS's reputation due to supply-chain compromise
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Proprietary firmware/software and camera source code.
Which entities were affected by each incident ?
Incident : Malware Distribution ASU15138323
Entity Name: ASUS
Entity Type: Corporation
Industry: Electronics
Location: Taiwan
Size: Large
Customers Affected: Hundreds of thousands
Incident : Vulnerability Exploit ASU558051425
Entity Name: ASUS
Entity Type: Organization
Industry: Technology
Incident : Vulnerability ASU5132951111725
Entity Name: ASUS
Entity Type: Manufacturer
Industry: Technology/Hardware
Location: Taiwan (HQ)
Customers Affected: Users of ASUS DSL-AC51, DSL-N16, DSL-AC750 routers (and potentially other DSL-series models)
Incident : botnet ASU1192111111925
Entity Name: ASUS
Entity Type: technology manufacturer
Industry: consumer electronics/networking
Location: Taiwan
Customers Affected: thousands (router owners)
Incident : botnet ASU1192111111925
Entity Name: Router owners (individuals/organizations)
Entity Type: individuals, businesses, government entities
Location: TaiwanSoutheast Asia
Incident : Vulnerability ASU2932929112625
Entity Name: ASUS
Entity Type: Corporation
Industry: Technology (Hardware/Software)
Location: Global
Customers Affected: Millions of ASUS computer users worldwide
Incident : Ransomware ASU1764705548
Entity Name: ASUS
Entity Type: Corporation
Industry: Hardware and Electronics
Size: Large
Incident : Supply-Chain Attack ASU1766433512
Entity Name: ASUS
Entity Type: Technology Manufacturer
Industry: Consumer Electronics
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Vulnerability Exploit ASU558051425
Remediation Measures: Recommended users to apply the patch
Incident : Vulnerability ASU5132951111725
Incident Response Plan Activated: True
Containment Measures: Firmware update (version 1.1.2.3_1010) for DSL-AC51, DSL-N16, DSL-AC750Disabling internet-accessible services (remote WAN, port forwarding, DDNS, VPN, DMZ, port triggering, FTP) for unpatchable devicesRecommending strong passwords, avoiding credential reuse, and regular update checks
Remediation Measures: Firmware patchSecurity hardening guidance for end-of-life devices
Communication Strategy: Public advisory via ASUS support portalNetworking page notificationsMedia outreach
Incident : botnet ASU1192111111925
Incident Response Plan Activated: ['collaboration between SecurityScorecard and ASUS']
Third Party Assistance: Securityscorecard.
Communication Strategy: public disclosure via SecurityScorecard/ASUS reportmedia coverage (e.g., TechRadar)
Incident : Vulnerability ASU2932929112625
Containment Measures: Patch deployment (ASUS System Control Interface v3.1.48.0 for x64, v4.2.48.0 for ARM)
Remediation Measures: Urgent patch application via Windows UpdateMonitoring for suspicious activity
Communication Strategy: Public disclosureUser advisory for patch verification
Enhanced Monitoring: Recommended for exploitation attempts
Incident : Supply-Chain Attack ASU1766433512
Remediation Measures: Software product phased out and retired
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as collaboration between SecurityScorecard and ASUS, .
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through SecurityScorecard, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : botnet ASU1192111111925
Data Encryption: ['self-signed TLS certificate (100-year validity) deployed on routers']
Incident : Ransomware ASU1764705548
Type of Data Compromised: Proprietary firmware/software, camera source code
Sensitivity of Data: High (proprietary source code)
Data Exfiltration: Yes
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Recommended users to apply the patch, Firmware patch, Security hardening guidance for end-of-life devices, , Urgent patch application via Windows Update, Monitoring for suspicious activity, , Software product phased out and retired.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by firmware update (version 1.1.2.3_1010) for dsl-ac51, dsl-n16, dsl-ac750, disabling internet-accessible services (remote wan, port forwarding, ddns, vpn, dmz, port triggering, ftp) for unpatchable devices, recommending strong passwords, avoiding credential reuse, and regular update checks, , patch deployment (asus system control interface v3.1.48.0 for x64, v4.2.48.0 for arm) and .
Ransomware Information
Was ransomware involved in any of the incidents ?
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Vulnerability ASU5132951111725
Lessons Learned: Router vulnerabilities are high-value targets for botnet operators (e.g., Vicious Trap's AyySSHush campaign)., End-of-life hardware poses persistent risks if not properly secured or decommissioned., Proactive firmware updates and service hardening are critical for mitigating authentication bypass flaws.
Incident : botnet ASU1192111111925
Lessons Learned: End-of-life (EOL) devices pose significant risks if left unpatched or in use., State-sponsored actors leverage n-day vulnerabilities in legacy systems for espionage infrastructure., Long-lived certificates (e.g., 100-year TLS) can serve as indicators of sophisticated, persistent campaigns., Geopolitical alignment of compromised assets (e.g., Taiwan/Southeast Asia) highlights strategic targeting.
Incident : Supply-Chain Attack ASU1766433512
Lessons Learned: Importance of understanding historical vulnerabilities to evaluate past security assessments and the risks of trusted channels in supply-chain attacks. Emphasis on routine software audits and diligence regarding manufacturer updates for robust cybersecurity practices.
What recommendations were made to prevent future incidents ?
Incident : Vulnerability ASU5132951111725
Recommendations: Immediately apply firmware updates for affected ASUS DSL-series routers., Disable all internet-facing services (remote WAN, port forwarding, etc.) if patching is not feasible., Use strong, unique passwords for router administration and Wi-Fi networks., Regularly check for firmware updates and avoid credential reuse., Monitor for suspicious activity (e.g., unauthorized access, botnet C2 traffic)., Replace end-of-life routers with supported models where possible.Immediately apply firmware updates for affected ASUS DSL-series routers., Disable all internet-facing services (remote WAN, port forwarding, etc.) if patching is not feasible., Use strong, unique passwords for router administration and Wi-Fi networks., Regularly check for firmware updates and avoid credential reuse., Monitor for suspicious activity (e.g., unauthorized access, botnet C2 traffic)., Replace end-of-life routers with supported models where possible.Immediately apply firmware updates for affected ASUS DSL-series routers., Disable all internet-facing services (remote WAN, port forwarding, etc.) if patching is not feasible., Use strong, unique passwords for router administration and Wi-Fi networks., Regularly check for firmware updates and avoid credential reuse., Monitor for suspicious activity (e.g., unauthorized access, botnet C2 traffic)., Replace end-of-life routers with supported models where possible.Immediately apply firmware updates for affected ASUS DSL-series routers., Disable all internet-facing services (remote WAN, port forwarding, etc.) if patching is not feasible., Use strong, unique passwords for router administration and Wi-Fi networks., Regularly check for firmware updates and avoid credential reuse., Monitor for suspicious activity (e.g., unauthorized access, botnet C2 traffic)., Replace end-of-life routers with supported models where possible.Immediately apply firmware updates for affected ASUS DSL-series routers., Disable all internet-facing services (remote WAN, port forwarding, etc.) if patching is not feasible., Use strong, unique passwords for router administration and Wi-Fi networks., Regularly check for firmware updates and avoid credential reuse., Monitor for suspicious activity (e.g., unauthorized access, botnet C2 traffic)., Replace end-of-life routers with supported models where possible.Immediately apply firmware updates for affected ASUS DSL-series routers., Disable all internet-facing services (remote WAN, port forwarding, etc.) if patching is not feasible., Use strong, unique passwords for router administration and Wi-Fi networks., Regularly check for firmware updates and avoid credential reuse., Monitor for suspicious activity (e.g., unauthorized access, botnet C2 traffic)., Replace end-of-life routers with supported models where possible.
Incident : botnet ASU1192111111925
Recommendations: Replace or decommission EOL networking devices to eliminate attack surfaces., Monitor for unusual certificate lifetimes (e.g., 100-year TLS) as potential IoCs., Implement network segmentation to limit lateral movement via compromised routers., Enhance detection for ORB (Operational Relay Box)-like traffic patterns., Public-private collaboration for threat intelligence sharing (e.g., ASUS-SecurityScorecard model).Replace or decommission EOL networking devices to eliminate attack surfaces., Monitor for unusual certificate lifetimes (e.g., 100-year TLS) as potential IoCs., Implement network segmentation to limit lateral movement via compromised routers., Enhance detection for ORB (Operational Relay Box)-like traffic patterns., Public-private collaboration for threat intelligence sharing (e.g., ASUS-SecurityScorecard model).Replace or decommission EOL networking devices to eliminate attack surfaces., Monitor for unusual certificate lifetimes (e.g., 100-year TLS) as potential IoCs., Implement network segmentation to limit lateral movement via compromised routers., Enhance detection for ORB (Operational Relay Box)-like traffic patterns., Public-private collaboration for threat intelligence sharing (e.g., ASUS-SecurityScorecard model).Replace or decommission EOL networking devices to eliminate attack surfaces., Monitor for unusual certificate lifetimes (e.g., 100-year TLS) as potential IoCs., Implement network segmentation to limit lateral movement via compromised routers., Enhance detection for ORB (Operational Relay Box)-like traffic patterns., Public-private collaboration for threat intelligence sharing (e.g., ASUS-SecurityScorecard model).Replace or decommission EOL networking devices to eliminate attack surfaces., Monitor for unusual certificate lifetimes (e.g., 100-year TLS) as potential IoCs., Implement network segmentation to limit lateral movement via compromised routers., Enhance detection for ORB (Operational Relay Box)-like traffic patterns., Public-private collaboration for threat intelligence sharing (e.g., ASUS-SecurityScorecard model).
Incident : Vulnerability ASU2932929112625
Recommendations: Apply security updates (v3.1.48.0 for x64, v4.2.48.0 for ARM) immediately via Windows Update, Prioritize patch deployment in corporate environments to mitigate lateral movement risks, Monitor systems for signs of exploitation (e.g., unauthorized privilege escalation), Verify installed MyASUS version via Settings > AboutApply security updates (v3.1.48.0 for x64, v4.2.48.0 for ARM) immediately via Windows Update, Prioritize patch deployment in corporate environments to mitigate lateral movement risks, Monitor systems for signs of exploitation (e.g., unauthorized privilege escalation), Verify installed MyASUS version via Settings > AboutApply security updates (v3.1.48.0 for x64, v4.2.48.0 for ARM) immediately via Windows Update, Prioritize patch deployment in corporate environments to mitigate lateral movement risks, Monitor systems for signs of exploitation (e.g., unauthorized privilege escalation), Verify installed MyASUS version via Settings > AboutApply security updates (v3.1.48.0 for x64, v4.2.48.0 for ARM) immediately via Windows Update, Prioritize patch deployment in corporate environments to mitigate lateral movement risks, Monitor systems for signs of exploitation (e.g., unauthorized privilege escalation), Verify installed MyASUS version via Settings > About
Incident : Supply-Chain Attack ASU1766433512
Recommendations: Organizations and users should focus on legitimate vulnerability reports and updates concerning currently utilized systems to manage and protect against actual threats.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Router vulnerabilities are high-value targets for botnet operators (e.g., Vicious Trap's AyySSHush campaign).,End-of-life hardware poses persistent risks if not properly secured or decommissioned.,Proactive firmware updates and service hardening are critical for mitigating authentication bypass flaws.End-of-life (EOL) devices pose significant risks if left unpatched or in use.,State-sponsored actors leverage n-day vulnerabilities in legacy systems for espionage infrastructure.,Long-lived certificates (e.g., 100-year TLS) can serve as indicators of sophisticated, persistent campaigns.,Geopolitical alignment of compromised assets (e.g., Taiwan/Southeast Asia) highlights strategic targeting.Importance of understanding historical vulnerabilities to evaluate past security assessments and the risks of trusted channels in supply-chain attacks. Emphasis on routine software audits and diligence regarding manufacturer updates for robust cybersecurity practices.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Verify installed MyASUS version via Settings > About, Apply security updates (v3.1.48.0 for x64, v4.2.48.0 for ARM) immediately via Windows Update, Organizations and users should focus on legitimate vulnerability reports and updates concerning currently utilized systems to manage and protect against actual threats., Prioritize patch deployment in corporate environments to mitigate lateral movement risks, Monitor systems for signs of exploitation (e.g. and unauthorized privilege escalation).
References
Where can I find more information about each incident ?
Incident : Vulnerability ASU5132951111725
Source: ASUS Security Advisory
Incident : Vulnerability ASU5132951111725
Source: CISA KEV Catalog (CVE-2023-39780, CVE-2021-32030)
URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Incident : Vulnerability ASU5132951111725
Source: GreyNoise/Sekoia Report on Vicious Trap (AyySSHush Botnet)
Incident : botnet ASU1192111111925
Source: TechRadar
Incident : botnet ASU1192111111925
Source: SecurityScorecard & ASUS joint report
Incident : Vulnerability ASU2932929112625
Source: ASUS Security Advisory
Incident : Ransomware ASU1764705548
Source: Hackread.com
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: ASUS Security Advisory, and Source: CISA KEV Catalog (CVE-2023-39780, CVE-2021-32030)Url: https://www.cisa.gov/known-exploited-vulnerabilities-catalog, and Source: GreyNoise/Sekoia Report on Vicious Trap (AyySSHush Botnet), and Source: TechRadar, and Source: SecurityScorecard & ASUS joint report, and Source: ASUS Security Advisory, and Source: Hackread.com.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Vulnerability ASU5132951111725
Investigation Status: Ongoing (no confirmed in-the-wild exploitation reported)
Incident : botnet ASU1192111111925
Investigation Status: ongoing (disclosed by SecurityScorecard/ASUS)
Incident : Vulnerability ASU2932929112625
Investigation Status: Disclosed; Patches released
Incident : Ransomware ASU1764705548
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Advisory Via Asus Support Portal, Networking Page Notifications, Media Outreach, Public Disclosure Via Securityscorecard/Asus Report, Media Coverage (E.G., Techradar), Public Disclosure and User Advisory For Patch Verification.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Vulnerability ASU5132951111725
Stakeholder Advisories: Asus Support Portal Notifications, Public Security Bulletin.
Customer Advisories: Install firmware version 1.1.2.3_1010 immediately.Disable internet-exposed services if unable to patch.Follow security hardening guidelines for end-of-life devices.
Incident : botnet ASU1192111111925
Customer Advisories: ASUS likely issued advisories for affected router models (4G-AC55U, 4G-AC860U, DSL-AC68U, GT-AC5300, GT-AX11000, RT-AC1200HP, RT-AC1300GPLUS, RT-AC1300UHP)
Incident : Vulnerability ASU2932929112625
Stakeholder Advisories: Users and organizations advised to update immediately
Customer Advisories: Public notification issued with patch instructions
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Asus Support Portal Notifications, Public Security Bulletin, Install Firmware Version 1.1.2.3 1010 Immediately., Disable Internet-Exposed Services If Unable To Patch., Follow Security Hardening Guidelines For End-Of-Life Devices., , Asus Likely Issued Advisories For Affected Router Models (4G-Ac55U, 4G-Ac860U, Dsl-Ac68U, Gt-Ac5300, Gt-Ax11000, Rt-Ac1200Hp, Rt-Ac1300Gplus, Rt-Ac1300Uhp), , Users and organizations advised to update immediately and Public notification issued with patch instructions.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Malware Distribution ASU15138323
Entry Point: Compromised Update Server
Incident : Vulnerability ASU5132951111725
Entry Point: Improper Access Request Validation In Router Firmware,
High Value Targets: Router Management Interfaces, Potential For Botnet Recruitment,
Data Sold on Dark Web: Router Management Interfaces, Potential For Botnet Recruitment,
Incident : botnet ASU1192111111925
Entry Point: Exploited N-Day Vulnerabilities In Asus Routers,
Backdoors Established: ['self-signed TLS certificate for persistent C2']
High Value Targets: Geopolitical Entities In Taiwan/Southeast Asia,
Data Sold on Dark Web: Geopolitical Entities In Taiwan/Southeast Asia,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Vulnerability ASU5132951111725
Root Causes: Improper Validation Of Access Requests In Dsl-Series Router Firmware,
Corrective Actions: Firmware Patch To Block Authentication Bypass (Version 1.1.2.3 1010)., Security Guidance For Unpatchable/End-Of-Life Devices., Public Awareness Campaign On Router Hardening.,
Incident : botnet ASU1192111111925
Root Causes: Use Of Eol Routers With Unpatched N-Day Vulnerabilities, Lack Of Automatic Updates Or User Patching For Legacy Devices, Abuse Of Trusted Firmware (Asuswrt) For Malicious Purposes,
Incident : Vulnerability ASU2932929112625
Root Causes: Privilege Escalation Vulnerability In Asus System Control Interface Service,
Corrective Actions: Patch Release (V3.1.48.0, V4.2.48.0), Public Disclosure And Update Advisory,
Incident : Supply-Chain Attack ASU1766433512
Root Causes: Exploitation of trusted software update distribution network for ASUS Live Update utility
Corrective Actions: Phasing out and retiring the End-of-Life (EoL) software product
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Securityscorecard, , Recommended for exploitation attempts.
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Firmware Patch To Block Authentication Bypass (Version 1.1.2.3 1010)., Security Guidance For Unpatchable/End-Of-Life Devices., Public Awareness Campaign On Router Hardening., , Patch Release (V3.1.48.0, V4.2.48.0), Public Disclosure And Update Advisory, , Phasing out and retiring the End-of-Life (EoL) software product.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Chinese state-sponsored actors and Everest Ransomware Group.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were 1TB of data and including camera source code.
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident were ASUS DSL-AC51ASUS DSL-N16ASUS DSL-AC750Potentially other DSL-series routers and thousands of ASUS routers and ASUS personal computers (desktops, laptops, NUC systems, All-in-One PCs) running MyASUS.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was securityscorecard, .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Firmware update (version 1.1.2.3_1010) for DSL-AC51, DSL-N16, DSL-AC750Disabling internet-accessible services (remote WAN, port forwarding, DDNS, VPN, DMZ, port triggering, FTP) for unpatchable devicesRecommending strong passwords, avoiding credential reuse, and regular update checks, Patch deployment (ASUS System Control Interface v3.1.48.0 for x64 and v4.2.48.0 for ARM).
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were 1TB of data and including camera source code.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Geopolitical alignment of compromised assets (e.g., Taiwan/Southeast Asia) highlights strategic targeting., Importance of understanding historical vulnerabilities to evaluate past security assessments and the risks of trusted channels in supply-chain attacks. Emphasis on routine software audits and diligence regarding manufacturer updates for robust cybersecurity practices.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Regularly check for firmware updates and avoid credential reuse., Apply security updates (v3.1.48.0 for x64, v4.2.48.0 for ARM) immediately via Windows Update, Disable all internet-facing services (remote WAN, port forwarding, etc.) if patching is not feasible., Enhance detection for ORB (Operational Relay Box)-like traffic patterns., Verify installed MyASUS version via Settings > About, Organizations and users should focus on legitimate vulnerability reports and updates concerning currently utilized systems to manage and protect against actual threats., Public-private collaboration for threat intelligence sharing (e.g., ASUS-SecurityScorecard model)., Prioritize patch deployment in corporate environments to mitigate lateral movement risks, Replace end-of-life routers with supported models where possible., Monitor systems for signs of exploitation (e.g., unauthorized privilege escalation), Immediately apply firmware updates for affected ASUS DSL-series routers., Monitor for unusual certificate lifetimes (e.g., 100-year TLS) as potential IoCs., Implement network segmentation to limit lateral movement via compromised routers., Monitor for suspicious activity (e.g., unauthorized access, botnet C2 traffic)., Replace or decommission EOL networking devices to eliminate attack surfaces., Use strong and unique passwords for router administration and Wi-Fi networks..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are TechRadar, CISA KEV Catalog (CVE-2023-39780, CVE-2021-32030), ASUS Security Advisory, GreyNoise/Sekoia Report on Vicious Trap (AyySSHush Botnet), Hackread.com and SecurityScorecard & ASUS joint report.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.cisa.gov/known-exploited-vulnerabilities-catalog .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (no confirmed in-the-wild exploitation reported).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was ASUS support portal notifications, Public security bulletin, Users and organizations advised to update immediately, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Install firmware version 1.1.2.3_1010 immediately.Disable internet-exposed services if unable to patch.Follow security hardening guidelines for end-of-life devices., ASUS likely issued advisories for affected router models (4G-AC55U, 4G-AC860U, DSL-AC68U, GT-AC5300, GT-AX11000, RT-AC1200HP, RT-AC1300GPLUS, RT-AC1300UHP) and Public notification issued with patch instructions.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Compromised Update Server.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Improper validation of access requests in DSL-series router firmware, Use of EOL routers with unpatched n-day vulnerabilitiesLack of automatic updates or user patching for legacy devicesAbuse of trusted firmware (AsusWRT) for malicious purposes, Privilege escalation vulnerability in ASUS System Control Interface Service, Exploitation of trusted software update distribution network for ASUS Live Update utility.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Firmware patch to block authentication bypass (version 1.1.2.3_1010).Security guidance for unpatchable/end-of-life devices.Public awareness campaign on router hardening., Patch release (v3.1.48.0, v4.2.48.0)Public disclosure and update advisory, Phasing out and retiring the End-of-Life (EoL) software product.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyDevs TempTool allows Stored XSS.This issue affects TempTool: from n/a through 1.3.1.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tormorten WP Microdata allows Stored XSS.This issue affects WP Microdata: from n/a through 1.0.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool allows Retrieve Embedded Sensitive Data.This issue affects TempTool: from n/a through 1.3.1.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description
A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_FH1201/SetIpBind/SetIpBind.md
- https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_FH1201/SetIpBind/SetIpBind.md#reproduce
- https://vuldb.com/?ctiid.337689
- https://vuldb.com/?id.337689
- https://vuldb.com/?submit.719154
- https://www.tenda.com.cn/
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=asus' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
