ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission.
The vulnerability consists of a lack of proper permission verification (CWE-306) before handling HTTP requests directed to the ASUS Armoury Crate application component. An attacker can send specific HTTP requests without authentication, which allows arbitrary reading or modification of files on the file system of the machine running the software. The lack of an access control mechanism means that any remote network entity can perform these operations.
An attacker can read confidential system or user files (breach of confidentiality), as well as write or modify arbitrary files (breach of integrity and potentially availability), which could consequently lead to complete system takeover.
Patches available from the vendor should be applied according to the references (https://www.twcert.org.tw/tw/cp-132-7666-fffce-1.html). Until updates are applied, it is recommended to restrict network access to ports used by ASUS Armoury Crate at the firewall level and avoid running the application on systems directly exposed to untrusted networks.
ASUS Armoury Crate — versions indicated in the vendor's references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAsus Armoury Crate
APPAsus< 4.1.0.8
Related vulnerabilities
ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability...
ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by...
ASUS Live Update — kompromitacja łańcucha dostaw (supply chain compromise)
The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini before 3.0.0.4_...
Authentication bypass w routerach ASUS z serii DSL — nieautoryzowany dostęp zdalny