Vulnerabilities > CVE-2022-26668 - Incorrect Authorization vulnerability in Asus Control Center 1.4.2.5

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

LOW

network

low complexity

asus

CWE-863

NVD

Published: 2022-06-20

Updated: 2022-06-27

Summary

ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.

Vulnerable Configurations

Part	Description	Count
Application	Asus Asus Control Center 1.4.2.5	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.twcert.org.tw/tw/cp-132-6055-c6500-1.html