Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-26602

CWE-77Command Injection4 documents4 sources
Severity
9.8CRITICAL
EPSS
78.6%
top 0.96%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Asus Asmb8-ikvm Firmware
Timeline
PublishedFeb 26
Latest updateApr 16

Description

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-hjqf-pmj4-5mh7: ASUS ASMB8 iKVM firmware through 12023-02-26
CVEList
CVE-2023-26602: ASUS ASMB8 iKVM firmware through 12023-02-26

💥Exploits & PoCs

1
Exploit-DB
ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE)2025-04-16
CVE-2023-26602 (CRITICAL CVSS 9.8) | ASUS ASMB8 iKVM firmware through 1. | cvebase.io