CVE-2018-10709

HIGH

Asrock A-tuning < 3.0.210 - Incorrect Permission Assignment

Title source: rule

Description

The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

Exploits (1)

exploitdb WORKING POC

by SecureAuth · textdoswindows

https://www.exploit-db.com/exploits/45716

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45716/

Scores

CVSS v3 7.8

EPSS 0.0022

EPSS Percentile 44.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (4)

asrock/a-tuning < 3.0.210

asrock/f-stream < 3.0.210

asrock/restart_to_uefi < 1.0.6.2

asrock/rgbled < 1.0.35.1

Published Oct 30, 2018

Tracked Since Feb 18, 2026