CVE-2022-26669

Description

ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.

Related CPE's

aasuscontrol_center1.4.2.5*******

References

https://www.twcert.org.tw/tw/cp-132-6056-b0d90-1.html

Third Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

BaseScore

4

VectorString

AV:N/AC:L/Au:S/C:P/I:N/A:N

Version

2.0

AccessVector

NETWORK

Authentication

SINGLE

Created by Yello
About Severity.io