ASUS Member Center Privilege Escalation Vulnerability
Vulnerability
A vulnerability allowing privilege escalation to Administrator has been identified in the update modules of ASUS Member Center, versions through 1.6.6.4. The vulnerability arises from a download of code without integrity checks, combined with a Time-of-check Time-of-use (TOC-TOU) issue during the update process. A local user can substitute an unexpected payload for the legitimate one immediately after download, and that payload is then executed with administrative privileges upon user consent.
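A sketch of how an updater can close both gaps described above, added here as an example and not ASUS code: the payload is hashed and staged from the same bytes, so a swap after the check has no effect. The names `stage_verified_payload`, `secure_dir` and `IntegrityError` are hypothetical, the pinned digest is assumed to come from a signed manifest, and the payload bytes are constructed.

```python
import hashlib
import os
import tempfile


class IntegrityError(Exception):
    """The downloaded payload does not match the pinned digest."""


def stage_verified_payload(download_path, expected_sha256, secure_dir):
    """Copy a download into secure_dir only if its SHA-256 matches.

    The bytes that are hashed are the bytes that get staged, so replacing
    download_path after the check cannot change what is executed later.
    secure_dir is assumed writable only by the elevated updater.
    """
    # Read once through a single handle; never re-open the path by name.
    with open(download_path, "rb") as fh:
        data = fh.read()
    if hashlib.sha256(data).hexdigest() != expected_sha256.lower():
        raise IntegrityError("digest mismatch for " + download_path)
    staged = os.path.join(secure_dir, os.path.basename(download_path))
    # O_EXCL refuses a file or link planted in advance at the staged name.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_BINARY", 0)
    with os.fdopen(os.open(staged, flags, 0o500), "wb") as out:
        out.write(data)
    return staged


def demo():
    """Constructed scenario: swap the download after, then before, the check."""
    legit = b"constructed bytes standing in for the real installer"
    pinned = hashlib.sha256(legit).hexdigest()  # assumed: from a signed manifest
    with tempfile.TemporaryDirectory() as user_tmp, \
            tempfile.TemporaryDirectory() as secure_dir:
        download = os.path.join(user_tmp, "update.bin")
        with open(download, "wb") as f:
            f.write(legit)
        staged = stage_verified_payload(download, pinned, secure_dir)
        with open(download, "wb") as f:  # local user swaps the file after the check
            f.write(b"substituted payload")
        with open(staged, "rb") as f:
            staged_intact = f.read() == legit
        try:  # a second attempt now sees the swapped file and must fail
            stage_verified_payload(download, pinned, secure_dir)
            swap_rejected = False
        except IntegrityError:
            swap_rejected = True
    return staged_intact, swap_rejected
```

The elevated step should launch only the path returned by `stage_verified_payload`, never the original download location.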
Impact
Exploitation of this vulnerability allows a local user to gain administrative privileges on the affected system.
Remediation
Users can refer to the 'Security Update for ASUS Member Center' section on the ASUS Security Advisory for update instructions.
