CVE-2022-26668: ASUS Control Center - Broken Access Control
First published: Mon Jun 20 2022(Updated: )
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ASUS Control Center | =1.4.2.5 |
Remedy
Update version to 1.4.3.2
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this ASUS Control Center API vulnerability?
The vulnerability ID for this ASUS Control Center API vulnerability is CVE-2022-26668.
What is the severity of the CVE-2022-26668 vulnerability?
The severity of the CVE-2022-26668 vulnerability is high with a severity value of 6.5.
How can an attacker exploit the CVE-2022-26668 vulnerability?
An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disruption of service.
Which software version of ASUS Control Center is affected by the CVE-2022-26668 vulnerability?
The ASUS Control Center version 1.4.2.5 is affected by the CVE-2022-26668 vulnerability.
Is there a fix available for the CVE-2022-26668 vulnerability?
Please refer to the vendor's official website or security advisory for information on available fixes for the CVE-2022-26668 vulnerability.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- vendor/asus
- canonical/asus control center
- version/asus control center/1.4.2.5