CVE-2026-6737
Awaiting Analysis Awaiting Analysis - Queue
Exposed IOCTL with Insufficient Access Control in AsusPTPFilter

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: ASUS

Description
An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusableΒ via crafted IOCTL requests.Refer to the ' Security Update for ASUS Precision TouchpadΒ ' section on the ASUS Security Advisory for more information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-05-09
AI Q&A
2026-05-08
EPSS Evaluated
N/A
NVD
CVE-2026-6737
EUVD
EUVD-2026-28485
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
asus precision_touchpad *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-782 The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Exposed IOCTL with Insufficient Access Control in the AsusPTPFilter driver. It allows a local user to bypass the driver's security mechanisms by sending specially crafted IOCTL requests. As a result, the attacker can either obtain restricted information from the touchpad or cause the touchpad to become unusable.


How can this vulnerability impact me? :

The impact of this vulnerability includes unauthorized access to restricted touchpad information and the potential to render the touchpad unusable. This could disrupt normal device functionality and compromise user privacy or device integrity.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart