CVE-2022-26668— ASUS Control Center - Broken Access Control
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-26668
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ASUS Control Center - Broken Access Control
Source: NVD (National Vulnerability Database)
Vulnerability Description
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权管理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
ASUS Control Center 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ASUS Control Center是中国华硕(ASUS)公司的一款全新的集中式 IT 管理软件。该软件能够监控与控制华硕服务器,工作站。 ASUS Control Center v1.4.2.5 版本存在安全漏洞,该漏洞源于 API 有一个损坏的访问控制问题。未经身份验证的远程攻击者利用该漏洞可以调用特权 API 函数来执行部分系统操作或导致部分服务中断。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ASUS | Control Center | 1.4.2.5 | - |
II. Public POCs for CVE-2022-26668
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-26668
请登录查看更多情报信息。
- https://www.twcert.org.tw/tw/cp-132-6055-c6500-1.htmlx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-26668
IV. Related Vulnerabilities
Same product: Control Center
- CVE-2025-7884
Eluktronics Control Center REG File data authenticity - CVE-2025-7883
Eluktronics Control Center Powershell Script Command command - CVE-2023-43052
IBM Control Center external service interaction - CVE-2023-35894
IBM Control Center HOST header injection - CVE-2024-35114
IBM Control Center information disclosure
Same weakness: CWE-269
- CVE-2026-42562
Plainpad: Privilege Escalation via Writable Admin Field in P - CVE-2026-41163
bubblewrap vulnerable to privilege escalation in setuid mode - CVE-2026-44987
SysReptor: Privilege Escalation from User Admin to Superuser - CVE-2026-42185
People: Privilege Escalation via Missing Role Ceiling in Mai - CVE-2026-40001
Local privilege escalation vulnerability in ZTE PROCESS Guar
V. Comments for CVE-2022-26668
No comments yet