CVE-2022-38532
Description
MSI Center 1.0.50.0 contains a local privilege escalation vulnerability in the C_Features component of MSI.CentralServer.exe, allowing attackers to execute arbitrary commands as Administrator.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MSI Center 1.0.50.0 contains a local privilege escalation vulnerability in the C_Features component of MSI.CentralServer.exe, allowing attackers to execute arbitrary commands as Administrator.
Vulnerability
MSI Center version 1.0.50.0 contains a local privilege escalation vulnerability in the C_Features component of MSI.CentralServer.exe. This service listens on localhost port 32682 and exposes a CMD_AutoUpdateSDK feature intended for automatic updates. The ExecuteTask function within this feature accepts user-supplied payloads and executes them with administrative privileges without proper validation, allowing arbitrary command execution [1].
Exploitation
An attacker with local access to the system can craft a malicious executable and send a specially crafted request to the MSI.CentralServer.exe service on port 32682. The CMD_AutoUpdateSDK feature splits the payload and executes it via ExecuteTask with high integrity. No authentication is required beyond local network access. The proof-of-concept demonstrates creating a new user and adding it to the Administrators group [1].
Impact
Successful exploitation allows an attacker to execute arbitrary commands with SYSTEM or Administrator privileges, leading to full compromise of the affected system. This includes creating privileged accounts, installing malware, or modifying system configurations [1].
Mitigation
As of the available references, no official patch has been released for this vulnerability. The listening port was changed to 32683 in MSI Center version 1.0.59.0, but it is unclear if the underlying vulnerability is addressed. Users should monitor for updates from MSI and restrict local access to trusted users. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Micro-Star International Co., Ltd/MSI Centerdescription
- Range: = 1.0.50.0
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The `CMD_AutoUpdateSDK` feature in `C_Features` accepts arbitrary user-supplied input and passes it to `ExecuteTask`, which runs the payload with administrative privileges without proper authorization or input validation."
Attack vector
An attacker who already has limited access to the local machine can send a crafted payload to the MSI Central Server listening on localhost port 32682. The `CMD_AutoUpdateSDK` feature, intended as an automatic updater, accepts user-supplied input, splits it into multiple parts, and passes it to the `ExecuteTask` function. This function then executes the attacker's payload with administrative privileges, enabling privilege escalation [ref_id=1].
Affected code
The vulnerability resides in the `C_Features` component of `MSI.CentralServer.exe`, specifically in the `CMD_AutoUpdateSDK` feature. This executable listens on localhost port 32682 (changed to 32683 in version 1.0.59.0) and collaborates with `MSI.TerminalServer.exe`. The `ExecuteTask` function within `CMD_AutoUpdateSDK` is the vulnerable code path that allows arbitrary command execution [ref_id=1].
What the fix does
No patch is provided in the bundle. The advisory notes that the listening port was changed from 32682 to 32683 in version 1.0.59.0, but this is a port change rather than a security fix addressing the root cause [ref_id=1]. The researcher's disclosure does not include a vendor-supplied patch or remediation guidance beyond the port update.
Preconditions
- networkAttacker must have local network access to the MSI Central Server listening on localhost (port 32682 or 32683)
- inputAttacker must be able to run a crafted executable or script on the local machine
Reproduction
The researcher provides a proof-of-concept that generates a payload, hex-encodes it, and runs a script locally. The PoC creates a user named "hacker" with password "hacker123" and adds it to the Administrators group. A video demonstration is available at https://user-images.githubusercontent.com/64528432/188067866-f30fe089-db76-4cc0-81ce-f74871769b33.mp4 [ref_id=1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
News mentions
0No linked articles in our index yet.