CVE-2026-3428

CVSS v4.0

5.4

Medium

Vector

AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions ASUS Member Center (affected versions not specified)

Description A Download of Code Without Integrity Check issue in the update modules allows a local user to achieve privilege escalation to Administrator. This occurs through the exploitation of a Time-of-check Time-of-use (TOC-TOU) during the update process, where a TOC-TOU is a race condition where a system checks a condition and then uses the result, but the condition changes between the check and the use. An unexpected payload can be substituted for a legitimate one immediately after download and subsequently executed with administrative privileges upon user consent.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367CWE-494

Related Identifiers

CVE-2026-3428

Affected Products

Asus Member Center

CVE-2026-3428

Weakness Enumeration

Related Identifiers

Affected Products

References · 3