Vulnerabilities > Asus > Armoury Crate

DATE CVE VULNERABILITY TITLE RISK
2024-01-19 CVE-2023-5716 Missing Authentication for Critical Function vulnerability in Asus Armoury Crate
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission.
network
low complexity
asus CWE-306
critical
 9.8
9.8
2023-07-26 CVE-2023-26911 Unquoted Search Path or Element vulnerability in Asus Armoury Crate and Setupasusservices
ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
local
low complexity
asus CWE-428
7.8
7.8
2023-02-15 CVE-2022-42455 Unspecified vulnerability in Asus Armoury Crate 4.1.0.8/5.3.4.0
ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls.
local
low complexity
asus
7.8
7.8