2 matches found
CVE-2022-26668
CVE-2022-26668 is an ASUS Control Center API broken access-control vulnerability. Connected docs indicate affected product ASUS Control Center, with vulnerable version referenced by CNNVD as v1.4.2.5. The flaw allows an unauthenticated remote attacker to call privileged API functions, enabling pa...
CVE-2022-26669
ASUS Control Center is affected by CVE-2022-26669: an authenticated remote attacker with general user privilege can inject SQL commands into specific API parameters to obtain database schema or access data. The vulnerability is documented in NVD/CNVD/CNNVD entries and related lists; exploitation ...