CVE-2026-7480

Summary

An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control Interface' section on the ASUS Security Advisory for more information.

Affected Software

VendorProductVersion RangeStatus
ASUSASUS System Control Interface3.1.59.0 and earlieraffected
ASUSASUS System Control Interface3.2.60.0 and earlieraffected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References