ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-6041-7bd67-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2022-04-22T00:00:00
Updated: 2022-04-22T06:50:16
Reserved: 2022-03-08T00:00:00
Link: CVE-2022-26672
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-22T07:15:07.510
Modified: 2022-05-04T12:49:28.690
Link: CVE-2022-26672
JSON object: View
Redhat Information
No data.
CWE