CVE-2022-26669 ASUS Control Center is vulnerable to SQL injection

Access restriction mechanisms in the product, such as IP address or search keyword filtering, are not applied to the Control Center interface, which makes the interface of the product easier to access.

ASUS Control Center also exposes information about the local network via SNMP. An attacker can use SNMP to retrieve information such as the OS version, SNMP community, SNMP enterprise, SNMP agent host name and version, SNMP authentication, and SNMP trap destination to obtain more information about the network.

Router information such as version, administratively configured password, firmware version, and operating temperature can be obtained through SNMP. An attacker can use this information to launch further attacks on the router.

ASUS Control Center is configured to allow remote management via HTTP, HTTPS, and SSH. An attacker can leverage the remote management features to gain full control of the product and install malicious code.

ASUS Control Center also exposes information about the local network via SNMP

Router Information

The ASUS ROUTER LOG provides information about the router and the local network. This is accessible via SNMP. An attacker can use this information to launch further attacks on the router.
