Main
Vulnerability Database
Exploits
ID:6154 - Exploit for Privilege escalation in ASRock products - CVE-2018-10709
ID:6154 - Exploit for Privilege escalation in ASRock products - CVE-2018-10709
Published: June 17, 2021
Vulnerability identifier: #VU15550
Vulnerability risk: High
CVE-ID: CVE-2018-10709
CWE-ID: CWE-264
Exploitation vector: Remote access
Vulnerable software:
ASRock RGBLED
ASRock RestartToUEFI
ASRock F-Stream
ASRock A-Tuning
ASRock RGBLED
ASRock RestartToUEFI
ASRock F-Stream
ASRock A-Tuning
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to the drivers expose functionality to read and write control register (CR) values. A remote attacker can execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to the drivers expose functionality to read and write control register (CR) values. A remote attacker can execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update ASRock RGBLED to version 1.0.36
Update ASRock A-Tuning to version 3.0.216,
Update ASRock F-Stream to version 3.0.216,
Update ASRock RestartToUEFI to version 1.0.7.
Update ASRock A-Tuning to version 3.0.216,
Update ASRock F-Stream to version 3.0.216,
Update ASRock RestartToUEFI to version 1.0.7.