Description
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/
Vendor Advisory x_refsource_misc
https://www.asus.com/support/FAQ/1042640/
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://drive.google.com/file/d/1Ap293b7bZLen6DmheppR1IUFEAsCSORC/view?usp=sharing
Vendor Advisory x_refsource_misc
https://www.asus.com/Laptops/ASUS-TUF-Gaming-FX504/HelpDesk_Download/
Scores
CVSS v3
7.8
EPSS
0.0026
EPSS Percentile
49.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
asus/device_activation
< 1.0.7.0
Published
Mar 25, 2020
Tracked Since
Feb 18, 2026