Improper Validation Vulnerability in ASUS Routers
CVE-2026-13385

9.5CRITICAL

Key Information:

Vendor

Asus

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-13385?

An improperly validated integrity check value and insufficient certificate validation in specific ASUS router models can be exploited by a remote attacker. This vulnerability allows an adversary to perform a man-in-the-middle (MITM) attack, leading the router to download and execute arbitrary commands from a compromised server. For further details and resolution steps, refer to the ASUS Security Advisory.

Affected Version(s)

Router 3.0.0.4_386 series

Router 3.0.0.4_388 series

Router 3.0.0.6_102 series

References

CVSS V4

Score:
9.5
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.