Techly NewsGet the app

Get the latest tech news

One-Click RCE in Asus's Preinstalled Driver Software


One-Click RCE in ASUS’s Preinstalled Driver Software Introduction This story begins with a conversation about new PC parts. After ignoring the advice from my friend, I bought a new ASUS motherboard for my PC. I was a little concerned about having a BIOS that would by default silently install software into my OS in the background. But it could be turned off so I figured I would just do that.

Immediately after logging into Windows I was hit with a notification requesting admin permissions to complete the installation of ASUS DriverHub, because I forgot to change the BIOS option. After a month of waiting I am happy to say that my test domain is the only website that fits the regex, meaning it is unlikely that this was being actively exploited prior to my reporting of it. When submitting the vulnerability report through ASUS’s Security Advisory form, Amazon CloudFront flagged the attached PoC as a malicious request and blocked the submission.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of ASUS

ASUS

Photo of click rce

click rce

Related news:

News photo

ASUS and Microsoft's Xbox-branded handheld appears in leaked FCC photos

News photo

ASUS adds, then removes, the ability to detect sagging in its latest ROG Astral GPUs

News photo

GPUs are so bulky now that Asus is using gyroscopes to detect sagging | Asus ROG Astral RTX 5090 includes an accelerometer that ties into GPU Tweak software

« Egypt’s Nawy, the largest proptech in Africa, lands a $52M Series A to take on MENA
CISA/DOGE Software Engineer's Login Credentials Appeared in Multiple Leaks From Info-Stealing Malware in Recent Years »