Skip to main content

ASUS PTP Filter EUVDEUVD-2026-28485

| CVE-2026-6737 LOW
Exposed IOCTL with Insufficient Access Control (CWE-782)
2026-05-08 ASUS GHSA-q74f-j88c-7g46
2.0
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.0 LOW
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 08, 2026 - 03:30 vuln.today
CVSS changed
May 08, 2026 - 03:22 NVD
2.0 (LOW)
CVE Published
May 08, 2026 - 02:00 nvd
LOW 2.0

DescriptionCVE.org

An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests.Refer to the ' Security Update for ASUS Precision Touchpad ' section on the ASUS Security Advisory for more information.

AnalysisAI

AsusPTPFilter driver allows local authenticated users to bypass security mechanisms via crafted IOCTL requests, potentially leaking restricted touchpad information or disabling the touchpad entirely. The vulnerability requires local access and low-level privileges but impacts the integrity and availability of the touchpad subsystem. CVSS 2.0 reflects limited scope (low severity across confidentiality, integrity, availability), but the attack vector is local and requires existing user privileges.

Technical ContextAI

AsusPTPFilter is a Windows driver component for ASUS Precision Touchpad devices. The vulnerability stems from CWE-782 (Exposed IOCTL with Insufficient Access Control), meaning the driver exposes input/output control (IOCTL) interfaces without proper privilege validation. IOCTLs are kernel-mode calls that allow user-mode applications to interact with device drivers; insufficient access control permits any local user with basic privileges to invoke protected driver functions, bypassing intended security boundaries. The affected CPE (cpe:2.3:a:asus:asusptpfilter:*:*:*:*:*:*:*:*) indicates all versions of the driver are vulnerable.

RemediationAI

Check the ASUS Security Advisory (https://www.asus.com/security-advisory) under the 'Security Update for ASUS Precision Touchpad' section for the patched driver version and installation instructions. Download and install the latest ASUS PTP Filter driver from the official ASUS support portal for your specific device model. If a patched version is not yet available, restrict local user access to the system or disable the touchpad driver if it is not essential for your use case (trade-off: loss of touchpad functionality). For enterprise environments, enforce group policy restrictions to limit unprivileged user interactions with device drivers, or use endpoint protection tools to monitor and block unauthorized IOCTL calls to the driver.

Share

EUVD-2026-28485 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy