ASUS Control Center - Broken Access Control
CVE-2022-26668

7.3HIGH

Key Information:

Vendor: Asus
Status: Control Center
Vendor: CVE Published:; 20 June 2022

Summary

ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.

Affected Version(s)

Control Center 1.4.2.5

References

https://www.twcert.org.tw/tw/cp-132-6055-c6500-1.html

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 20, 2022
Vulnerability Reserved
Mar 8, 2022