CVE-2022-26669

ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-6056-b0d90-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:asus:control_center:1.4.2.5:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-06-20 06:15

Updated : 2024-02-28 19:09


NVD link : CVE-2022-26669

Mitre link : CVE-2022-26669

CVE.ORG link : CVE-2022-26669


JSON object : View

Products Affected

asus

  • control_center
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')