Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for qax_internet_control_gateway by qianxin

    CVE-2026-3796 (GCVE-0-2026-3796)

    Vulnerability from nvd – Published: 2026-03-09 02:32 – Updated: 2026-03-10 20:20
    VLAI
    Title
    Qi-ANXIN QAX Virus Removal Mini Filter Driver QKSecureIO_Imp.sys ZwTerminateProcess access control
    Summary
    A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Controls
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    Qi-ANXIN QAX Virus Removal Affected: 2025-10-22
    Create a notification for this product.
    Credits
    jonathan126 (VulDB User) VulDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3796",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T20:20:07.965869Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T20:20:47.492Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Mini Filter Driver"
              ],
              "product": "QAX Virus Removal",
              "vendor": "Qi-ANXIN",
              "versions": [
                {
                  "status": "affected",
                  "version": "2025-10-22"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "jonathan126 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T02:32:08.133Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349763 | Qi-ANXIN QAX Virus Removal Mini Filter Driver QKSecureIO_Imp.sys ZwTerminateProcess access control",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349763"
            },
            {
              "name": "VDB-349763 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349763"
            },
            {
              "name": "Submit #758991 | Qi-ANXIN QAX Virus Removal Version 2025.10.22 and earlier Improper Access Controls",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.758991"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/cwjchoi01/FocusKiller"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/cwjchoi01/FocusKiller/tree/main/FocusKiller"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-08T09:47:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Qi-ANXIN QAX Virus Removal Mini Filter Driver QKSecureIO_Imp.sys ZwTerminateProcess access control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3796",
        "datePublished": "2026-03-09T02:32:08.133Z",
        "dateReserved": "2026-03-08T08:41:59.080Z",
        "dateUpdated": "2026-03-10T20:20:47.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3796 (GCVE-0-2026-3796)

    Vulnerability from cvelistv5 – Published: 2026-03-09 02:32 – Updated: 2026-03-10 20:20
    VLAI
    Title
    Qi-ANXIN QAX Virus Removal Mini Filter Driver QKSecureIO_Imp.sys ZwTerminateProcess access control
    Summary
    A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Controls
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    Qi-ANXIN QAX Virus Removal Affected: 2025-10-22
    Create a notification for this product.
    Credits
    jonathan126 (VulDB User) VulDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3796",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T20:20:07.965869Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T20:20:47.492Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Mini Filter Driver"
              ],
              "product": "QAX Virus Removal",
              "vendor": "Qi-ANXIN",
              "versions": [
                {
                  "status": "affected",
                  "version": "2025-10-22"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "jonathan126 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T02:32:08.133Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349763 | Qi-ANXIN QAX Virus Removal Mini Filter Driver QKSecureIO_Imp.sys ZwTerminateProcess access control",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349763"
            },
            {
              "name": "VDB-349763 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349763"
            },
            {
              "name": "Submit #758991 | Qi-ANXIN QAX Virus Removal Version 2025.10.22 and earlier Improper Access Controls",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.758991"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/cwjchoi01/FocusKiller"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/cwjchoi01/FocusKiller/tree/main/FocusKiller"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-08T09:47:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Qi-ANXIN QAX Virus Removal Mini Filter Driver QKSecureIO_Imp.sys ZwTerminateProcess access control"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3796",
        "datePublished": "2026-03-09T02:32:08.133Z",
        "dateReserved": "2026-03-08T08:41:59.080Z",
        "dateUpdated": "2026-03-10T20:20:47.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }