ASUS Control Center - Broken Access Control
CVE-2022-26668

7.3HIGH

Key Information:

Vendor: Asus
Status: Control Center
Vendor: CVE Published:; 20 June 2022

What is CVE-2022-26668?

ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.

Affected Version(s)

Control Center 1.4.2.5

References

https://www.twcert.org.tw/tw/cp-132-6055-c6500-1.html

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2022
Vulnerability Reserved
Mar 8, 2022

Asus

What is CVE-2022-26668?

Affected Version(s)

References

CVSS V3.1

Timeline