CVE-2022-26669

ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.
Configurations

Configuration 1 (hide)

cpe:2.3:a:asus:control_center:1.4.2.5:*:*:*:*:*:*:*

History

21 Nov 2024, 06:54

Type Values Removed Values Added
CVSS v2 : 4.0
v3 : 6.5
v2 : 4.0
v3 : 8.8
References () https://www.twcert.org.tw/tw/cp-132-6056-b0d90-1.html - Third Party Advisory () https://www.twcert.org.tw/tw/cp-132-6056-b0d90-1.html - Third Party Advisory

Information

Published : 2022-06-20 06:15

Updated : 2024-11-21 06:54


NVD link : CVE-2022-26669

Mitre link : CVE-2022-26669

CVE.ORG link : CVE-2022-26669


JSON object : View

Products Affected

asus

  • control_center
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')