SQL Injection Vulnerability in ASUS Router Web Management Interface
CVE-2026-11851
5.9MEDIUM
What is CVE-2026-11851?
An SQL Injection vulnerability exists in the web management interface of specific ASUS router models that allows a remote authenticated user to exploit improper neutralization of special elements. This can result in unauthorized access to confidential information through carefully crafted requests that circumvent the existing input validation mechanisms. Users are advised to consult the ASUS Security Advisory for additional information and recommended security updates to mitigate this risk.
Affected Version(s)
Router ASUSWRT 3.0.0.4_386 series
Router ASUSWRT 3.0.0.4_388 series
Router ASUSWRT 3.0.0.6_102 series