ASUS DriverHub Flaw: When “One-Click RCE” is Just a Click Away!

Security researcher MrBruh found two vulnerabilities in Asus’s pre-installed DriverHub, allowing remote code execution with a single click. The exploit involves cleverly bypassing domain checks, transforming the mundane task of updating drivers into a hacker’s delight. Asus responded by offering MrBruh a spot in their “hall of fame” instead of a bug bounty.

3P
Published: May 12, 2025 6:50 pmAdded: May 12, 2025 at 12:18 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

It seems ASUS DriverHub was caught with its digital pants down, allowing anyone with a crafty URL to hijack the computer like it was a game of “Grand Theft Auto: Cyber Edition.” Not only did ASUS have a wild card domain issue, but when poked, it turned out their “Silent Install” feature was less silent and more of a loud invitation for mischief. ASUS, maybe it’s time to trade the hall of fame for a bug bounty. Just a thought!

Key Points:

– Security researcher ‘MrBruh’ found two critical vulnerabilities in ASUS DriverHub.
– Vulnerabilities allow remote code execution via crafted HTTP requests.
– The flaws are due to insufficient validation and wildcard domain matching.
– Exploit chain involves a spoofed subdomain downloading and installing malicious software.
– ASUS released security updates but does not offer bug bounties.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?