CVE-2023-26602

CRITICAL

ASUS ASMB8 iKVM <1.14.51 - RCE

Title source: llm

Description

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.

Exploits (2)

exploitdb WORKING POC

by ub3rsick · textlocalhardware

https://www.exploit-db.com/exploits/52244

View Code ZIP pw:eip

nomisec STUB

by D1G17 · poc

https://github.com/D1G17/CVE-2023-26602

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/171137/ASUS-ASMB8-iKVM-1.14.51-SNMP-Remote-Root.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2023/Feb/15

[Exploit, Third Party Advisory] https://nwsec.de/NWSSA-002-2023.txt

Scores

CVSS v3 9.8

EPSS 0.7861

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (1)

asus/asmb8-ikvm_firmware < 1.14.51

Published Feb 26, 2023

Tracked Since Feb 18, 2026