CVE-2019-11060

HIGH

ASUS HG100 Firmware < 1.05.12 - Unauthenticated Denial of Service via Slowloris HTTP Attack

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-11060. PoCs published by YinT Wang.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) attack against ASUS HG100 devices via IPv4 packet flooding using hping3 or SlowHTTPDOS using slowhttptest. The attack requires local network access and causes the device's web server to crash after sustained traffic.

Description

The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. CVSS 3.0 Base score 7.4 (Availability impacts). CVSS vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

Exploits (1)

exploitdb WORKING POC
by YinT Wang · bashdoshardware
https://www.exploit-db.com/exploits/46720

This exploit demonstrates a denial-of-service (DoS) attack against ASUS HG100 devices via IPv4 packet flooding using hping3 or SlowHTTPDOS using slowhttptest. The attack requires local network access and causes the device's web server to crash after sustained traffic.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: ASUS HG100 with firmware version 1.05.12
No auth needed
Prerequisites: Local network access to the target device · hping3 or slowhttptest installed on the attacker's machine
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory x_refsource_confirm
https://tvn.twcert.org.tw/taiwanvn/TVN-201906002
Third Party Advisory x_refsource_confirm
http://surl.twcert.org.tw/aarVJ
Not Applicable, Third Party Advisory, VDB Entry x_refsource_confirm
https://www.exploit-db.com/exploits/46720

Scores

CVSS v3 7.5
EPSS 0.0296
EPSS Percentile 85.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400 CWE-770
Status published
Products (1)
asus/hg100_firmware < 1.05.12
Published Aug 29, 2019
Tracked Since Feb 18, 2026