ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HAsus Armoury Crate
APPAsus≤ 5.3.4.0Asus Setupasusservices
APPAsus≤ 1.0.5.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2023-5716CRITICAL9.8PL ✓ten sam produkt
ASUS Armoury Crate — zapis i odczyt dowolnych plików przez sieć bez uwierzytelnienia
CVE-2022-42455HIGH7.8ten sam produkt
ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by...
CVE-2025-59374CRITICAL9.3⚠ KEVPL ✓ten sam vendor
ASUS Live Update — kompromitacja łańcucha dostaw (supply chain compromise)
CVE-2021-32030CRITICAL9.8⚠ KEVten sam vendor
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_...
CVE-2025-59367CRITICAL9.3PL ✓ten sam vendor
Authentication bypass w routerach ASUS z serii DSL — nieautoryzowany dostęp zdalny