Heyheysky

**Name of the Vulnerable Software and Affected Versions** SUNIX Multi I/O Card version 10.1.0.0 **Description** An issue in the snxpcamd.sys component allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. This enables attackers to manipulate the system, posing a significant risk. **Recommendations** For SUNIX Multi I/O Card version 10.1.0.0, consider disabling the snxpcamd.sys component until a patch is available to prevent exploitation. Restrict access to the vulnerable component to minimize the risk of arbitrary read and write actions. Avoid using crafted IOCTL requests in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SUNIX Serial Driver x64 version 10.1.0.0 **Description** A vulnerability exists in the driver snxpsamd.sys, allowing low-privileged users to read and write to arbitrary I/O ports via specially crafted IOCTL requests. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. The signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. **Recommendations** For SUNIX Serial Driver x64 version 10.1.0.0, consider disabling the `snxpsamd.sys` driver until a patch is available to prevent exploitation. Restrict access to the vulnerable driver to minimize the risk of privilege escalation and code execution under high privileges. Avoid using specially crafted IOCTL requests in the affected driver until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASUS System Analysis IO version 1.0.0 **Description** The issue is related to improper access control in the AsusSAIO.sys driver, which may allow the misuse of software functionality when crafted IOCTL requests are supplied. This can lead to arbitrary read and write actions, potentially allowing attackers to perform unauthorized operations. **Recommendations** For ASUS System Analysis IO version 1.0.0, consider disabling the AsusSAIO.sys driver until a patch is available to prevent the misuse of software functionality. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using crafted IOCTL requests in the affected driver until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Motorola SM56 Modem WDM Driver version 6.12.23.0 **Description** A vulnerability exists in the SmSerl64.sys driver, allowing low-privileged users to map physical memory via specially crafted IOCTL requests. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. The signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. **Recommendations** For Motorola SM56 Modem WDM Driver version 6.12.23.0, consider disabling the SmSerl64.sys driver until a patch is available to prevent exploitation. Restrict access to the IOCTL requests to minimize the risk of privilege escalation and code execution. Avoid using the driver for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.