Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests.Refer to the ' Security Update for ASUS Precision Touchpad ' section on the ASUS Security Advisory for more information.
AnalysisAI
AsusPTPFilter driver allows local authenticated users to bypass security mechanisms via crafted IOCTL requests, potentially leaking restricted touchpad information or disabling the touchpad entirely. The vulnerability requires local access and low-level privileges but impacts the integrity and availability of the touchpad subsystem. CVSS 2.0 reflects limited scope (low severity across confidentiality, integrity, availability), but the attack vector is local and requires existing user privileges.
Technical ContextAI
AsusPTPFilter is a Windows driver component for ASUS Precision Touchpad devices. The vulnerability stems from CWE-782 (Exposed IOCTL with Insufficient Access Control), meaning the driver exposes input/output control (IOCTL) interfaces without proper privilege validation. IOCTLs are kernel-mode calls that allow user-mode applications to interact with device drivers; insufficient access control permits any local user with basic privileges to invoke protected driver functions, bypassing intended security boundaries. The affected CPE (cpe:2.3:a:asus:asusptpfilter:*:*:*:*:*:*:*:*) indicates all versions of the driver are vulnerable.
RemediationAI
Check the ASUS Security Advisory (https://www.asus.com/security-advisory) under the 'Security Update for ASUS Precision Touchpad' section for the patched driver version and installation instructions. Download and install the latest ASUS PTP Filter driver from the official ASUS support portal for your specific device model. If a patched version is not yet available, restrict local user access to the system or disable the touchpad driver if it is not essential for your use case (trade-off: loss of touchpad functionality). For enterprise environments, enforce group policy restrictions to limit unprivileged user interactions with device drivers, or use endpoint protection tools to monitor and block unauthorized IOCTL calls to the driver.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28485
GHSA-q74f-j88c-7g46