← back
CVE-2022-26669

ASUS Control Center - SQL Injection

CVSS 8.8 HIGHEPSS 1.0%CWE-89
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Jun 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
ASUS · Control Center

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/tw/cp-132-6056-b0d90-1.html