VYPR

Control Center

by Gigabyte

CVEs (10)

  • CVE-2026-4415HigMar 30, 2026
    risk 0.53cvss 8.1epss 0.01

    Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or…

  • CVE-2026-4416HigMar 30, 2026
    risk 0.51cvss 7.8epss 0.00

    The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation.

  • CVE-2015-2099Jul 22, 2021
    risk 0.05cvss epss 0.14

    Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.LoginControllerCtrl.1…

  • CVE-2022-20916Jul 21, 2022
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface…

  • CVE-2022-26669Jun 20, 2022
    risk 0.00cvss epss 0.01

    ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data.

  • CVE-2022-26668Jun 20, 2022
    risk 0.00cvss epss 0.01

    ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service.

  • CVE-2015-2100Jul 22, 2021
    risk 0.00cvss epss 0.03

    Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) TCPDiscover or (2) TCPDiscover2 function in the WESPDiscovery.WESPDiscoveryCtrl.1 control.

  • CVE-2021-33408May 27, 2021
    risk 0.00cvss epss 0.01

    Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1.

  • CVE-2021-30126Apr 2, 2021
    risk 0.00cvss epss 0.01

    Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query.

  • CVE-2019-14599Dec 16, 2019
    risk 0.00cvss epss 0.00

    Unquoted service path in Control Center-I version 2.1.0.0 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.