CVE-2022-26668 HIGH

CVE-2022-26668: ASUS Control Center - Broken Access Control

Vendor Asus

Product Control Center

Weakness CWE-269

Published June 20, 2022

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.

Key dates

02Disclosure timeline

June 20, 2022 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-26668 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

04Related CVE

CVE-2023-3513 RazerCentralService Unsafe Deserialization Escalation of Privilege CVE-2026-22804 Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser CVE-2025-7044 Privilege Escalation in MAAS via Websocket Request Manipulation CVE-2023-37866 WordPress JetFormBuilder plugin <= 3.0.8 - Authenticated Privilege Escalation vulnerability CVE-2023-4976 FlashBlade Authentication Mechanism Vulnerability