Privilege Escalation Vulnerability in ASUS Member Center
CVE-2026-3428

5.4MEDIUM

Key Information:

Vendor: Asus
Status: Member Center(华硕大厅)
Vendor: CVE Published:; 16 April 2026

What is CVE-2026-3428?

A vulnerability in the update modules of ASUS Member Center enables local users to escalate their privileges to Administrator. This is achieved through a Time-of-check Time-of-use (TOC-TOU) exploit during the update process, where an attacker can substitute a malicious payload for a legitimate file immediately after it's downloaded. If the user consents to the update, the malicious code is executed with elevated privileges, creating potential security risks. For more details, refer to the ASUS Security Advisory.

Affected Version(s)

Member Center(华硕大厅) 1.6.6.4 and earlier

References

https://www.asus.com/security-advisory/

vendor-advisory

CVSS V4

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Mar 2, 2026

CVE-2026-3428 Data

JSON

Asus

What is CVE-2026-3428?

Affected Version(s)

References

CVSS V4

Timeline