CVE-2026-3428
MEDIUMASUS Member Center < 1.6.6.4 - Privilege Escalation via Time-of-check Time-of-use Race Condition
Title source: llmDescription
A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center(华硕大厅) allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use (TOC-TOU) during the update process, where an unexpected payload is substituted for a legitimate one immediately after download, and subsequently executed with administrative privileges upon user consent. Refer to the 'Security Update for ASUS Member Center' section on the ASUS Security Advisory for more information.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://www.asus.com/security-advisory/
Scores
CVSS v4
5.4
EPSS
0.0007
EPSS Percentile
0.1%
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-367
CWE-494
Status
published
Products (1)
ASUS/Member Center(华硕大厅)
1.6.6.4 and earlier
Published
Apr 16, 2026
Tracked Since
Apr 16, 2026