One-Click RCE in ASUS’s Preinstalled Driver Software Part Two of this series on ASUS will be dropping by the end of (this) month (06), yes it somehow manages to get worse (Everyone who made an ASUS account may have their personal info exposed). Hi Low Level Fellas, Hope you enjoy my blog, there are a bunch more you can read on my homepage. I also have RSS and a new blog on the way so stay tuned!
  • just_another_person@lemmy.worldEnglish
    64·
    15 hours ago

    This person is getting to be fucking annoying.

    The title is definitely not as described, only applies to Windows (I think), and won’t work without a permissions escalation.

    The only reason it’s classified as a CVE is because they requested it be such.

    There are no payload attacks proven here, or PoC attack code. This person has been posting pretty basic “hacks” for a few years, and makes a mountain out of an anthill every damn time.

    🙄 Ugh

    • priapus@piefed.socialEnglish
      1·
      3 minutes ago

      only applies to Windows (I think)

      Well yeah, its a vulnerability in the windows software. Nothing they said implied otherwise.

      and won’t work without a permissions escalation.

      I dont think thats true, could you explain why that would be? This article mentioned no need for a permissions escalation. In fact it seems that the RCE is automatically run as administrator by the driver process.

    • ryannathans@aussie.zoneEnglish
      5·
      16 hours ago

      How could it apply to any other operating system than Windows? Pre installed drivers, in a pre installed OS? They probably don’t even write drivers for other OS

    • LupusBlackfur@lemmy.worldEnglish
      3·
      18 hours ago

      This person is getting to be fucking annoying.

      🤷‍♂️ Sounds like a job for the “block user” feature… 🤔