{ "CVE_data_meta": { "AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2022-04-26T05:10:00.000Z", "ID": "CVE-2022-26669", "STATE": "PUBLIC", "TITLE": "ASUS Control Center - SQL Injection" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Control Center", "version": { "version_data": [ { "version_affected": "=", "version_value": "1.4.2.5" } ] } } ] }, "vendor_name": "ASUS" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89 SQL Injection" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-6056-b0d90-1.html", "name": "https://www.twcert.org.tw/tw/cp-132-6056-b0d90-1.html" } ] }, "solution": [ { "lang": "eng", "value": "Update version to 1.4.3.2" } ], "source": { "advisory": "TVN-202203002", "discovery": "EXTERNAL" } }