cvedb.io
CVE-2022-26672
HIGH · CVSS 7.3
EPSS exploitation probability: 0%
Published 2022-04-22T07:15:07.510 · Last modified 2026-06-17T04:35:37.553

Summary

ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.

Affected products

asus — webstorage

Does this affect you?

Add your gear to cvedb and we'll alert you only when asus ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.