PT-2020-12268 · Asus+1 · Asus Device Activation+1

Published

2020-03-25

Updated

2021-07-21

CVE-2020-10649

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ASUS Device Activation versions prior to 1.0.7.0

Description The issue allows for unsigned code execution with no additional restrictions when a user places an application at a specific path with a particular file name. This is related to DevActSvc.exe in ASUS Device Activation for Windows 10 notebooks and PCs.

Recommendations For versions prior to 1.0.7.0, update to version 1.0.7.0 or later to resolve the issue.

Exploit

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2020-10649

Affected Products

Asus Device Activation

Windows 10

PT-2020-12268 · Asus+1 · Asus Device Activation+1

CVE-2020-10649

Weakness Enumeration

Related Identifiers

Affected Products

References · 8