CVE-2022-26669: ASUS Control Center - SQL Injection
First published: Mon Jun 20 2022(Updated: )
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ASUS Control Center | =1.4.2.5 |
Remedy
Update version to 1.4.3.2
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-26669?
CVE-2022-26669 is a vulnerability in ASUS Control Center that allows an authenticated remote attacker to perform SQL injection attacks.
What is the severity of CVE-2022-26669?
The severity of CVE-2022-26669 is high with a CVSS score of 6.5.
Which version of ASUS Control Center is affected by CVE-2022-26669?
CVE-2022-26669 affects ASUS Control Center version 1.4.2.5.
How can an authenticated remote attacker exploit CVE-2022-26669?
An authenticated remote attacker with general user privilege can inject SQL commands to specific API parameters to acquire database schema or access data.
Is there a fix for CVE-2022-26669?
There is no known fix for CVE-2022-26669 at the moment. It is recommended to contact the vendor for updates and patches.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/title
- agent/remedy
- agent/severity
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- vendor/asus
- canonical/asus control center
- version/asus control center/1.4.2.5