CVE-2026-3428

EUVD-2026-23158 | MEDIUM | 2026-04-16 | ASUS | GHSA-49h6-4qj3-4f42
5.4 (CVSS 4.0)

CVSS Vector (NVD)

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: P
Scope: X

Lifecycle Timeline

Analysis Generated: Apr 16, 2026 - 04:51 (vuln.today)

Description (NVD)

A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center (华硕大厅) allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use (TOC-TOU) during the update process, where an unexpected payload is substituted for a legitimate one immediately after download, and subsequently executed with administrative privileges upon user consent. Refer to the 'Security Update for ASUS Member Center' section on the ASUS Security Advisory for more information.

Analysis (AI)

A privilege escalation flaw in ASUS Member Center (华硕大厅) versions 1.6.6.4 and earlier allows authenticated local users to gain Administrator-level privileges by exploiting a Time-of-check Time-of-use (TOC-TOU) race condition during the update process. An attacker can substitute a malicious payload for the legitimate downloaded update immediately after integrity verification completes but before execution, so that the substituted code runs with administrative privileges upon user consent. …
