SQL Injection Vulnerability in ASUS Router Web Management Interface
CVE-2026-11851

5.9MEDIUM

Key Information:

Vendor

Asus

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-11851?

An SQL Injection vulnerability exists in the web management interface of specific ASUS router models that allows a remote authenticated user to exploit improper neutralization of special elements. This can result in unauthorized access to confidential information through carefully crafted requests that circumvent the existing input validation mechanisms. Users are advised to consult the ASUS Security Advisory for additional information and recommended security updates to mitigate this risk.

Affected Version(s)

Router ASUSWRT 3.0.0.4_386 series

Router ASUSWRT 3.0.0.4_388 series

Router ASUSWRT 3.0.0.6_102 series

References

CVSS V4

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.