MSI
Products
13- 5 CVEs
- 3 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
- 0 CVEs
Recent CVEs
17| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-27965 | Cri | 0.65 | 9.8 | 0.12 | Mar 5, 2021 | The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request. | ||
| CVE-2022-31877 | Hig | 0.57 | 8.8 | 0.00 | Nov 28, 2022 | An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet. | ||
| CVE-2020-17382 | Hig | 0.54 | 7.8 | 0.02 | Oct 2, 2020 | The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054). | ||
| CVE-2025-27813 | Hig | 0.53 | 8.1 | 0.00 | Apr 10, 2025 | MSI Center before 2.0.52.0 has Missing PE Signature Validation. | ||
| CVE-2025-27812 | Hig | 0.53 | 8.1 | 0.00 | Apr 10, 2025 | MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation. | ||
| CVE-2024-36877 | Hig | 0.53 | 8.2 | 0.01 | Aug 12, 2024 | Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI… | ||
| CVE-2024-3745 | Hig | 0.51 | 7.8 | 0.00 | May 18, 2024 | MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user. | ||
| CVE-2021-44901 | Hig | 0.51 | 7.8 | 0.00 | Feb 4, 2022 | Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the… | ||
| CVE-2021-29337 | Hig | 0.51 | 7.8 | 0.01 | Jun 21, 2021 | MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSpace feature for mapping physical memory. | ||
| CVE-2020-13149 | Hig | 0.51 | 7.8 | 0.00 | May 18, 2020 | Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the… | ||
| CVE-2022-34109 | Hig | 0.46 | 7.1 | 0.00 | Sep 12, 2022 | An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size. | ||
| CVE-2022-34108 | Hig | 0.46 | 7.1 | 0.00 | Sep 12, 2022 | An issue in the Feature Navigator of Micro-Star International MSI Feature Nagivator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file. | ||
| CVE-2025-14303 | Med | 0.44 | 6.8 | 0.00 | Dec 17, 2025 | Certain motherboard models developed by MSI has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its… | ||
| CVE-2024-12227 | Med | 0.36 | 5.5 | 0.00 | Dec 5, 2024 | A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to… | ||
| CVE-2024-1460 | Med | 0.36 | 5.6 | 0.00 | Mar 7, 2024 | MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. | ||
| CVE-2024-1443 | Med | 0.29 | 4.4 | 0.00 | Mar 7, 2024 | MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. | ||
| CVE-2026-53876 | 0.00 | — | 0.02 | Jun 17, 2026 | RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator. |
- risk 0.65cvss 9.8epss 0.12
The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.
- risk 0.57cvss 8.8epss 0.00
An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP packet.
- risk 0.54cvss 7.8epss 0.02
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).
- risk 0.53cvss 8.1epss 0.00
MSI Center before 2.0.52.0 has Missing PE Signature Validation.
- risk 0.53cvss 8.1epss 0.00
MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation.
- risk 0.53cvss 8.2epss 0.01
Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI…
- risk 0.51cvss 7.8epss 0.00
MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.
- risk 0.51cvss 7.8epss 0.00
Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the…
- risk 0.51cvss 7.8epss 0.01
MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSpace feature for mapping physical memory.
- risk 0.51cvss 7.8epss 0.00
Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the…
- risk 0.46cvss 7.1epss 0.00
An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size.
- risk 0.46cvss 7.1epss 0.00
An issue in the Feature Navigator of Micro-Star International MSI Feature Nagivator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file.
- risk 0.44cvss 6.8epss 0.00
Certain motherboard models developed by MSI has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its…
- risk 0.36cvss 5.5epss 0.00
A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to…
- risk 0.36cvss 5.6epss 0.00
MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process.
- risk 0.29cvss 4.4epss 0.00
MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process.
- CVE-2026-53876Jun 17, 2026risk 0.00cvss —epss 0.02
RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator.