Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network vector but the required MITM position makes AC:H; no auth or interaction (PR:N/UI:N); executing attacker code on the router crosses into managed systems, so S:C with full C/I/A impact.
Primary rating from Vendor (ASUS).
CVSS VectorVendor: ASUS
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware ' section on the ASUS Security Advisory for more information.
AnalysisAI
Remote command execution in certain ASUS router firmware allows a network man-in-the-middle attacker to force the router to download and run arbitrary commands from a spoofed update/download server. The root cause is a failure to validate both the integrity check value (CWE-354) and the TLS server certificate, so an attacker positioned in the network path can impersonate a legitimate ASUS server. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires the attacker to hold a man-in-the-middle position on the network path between the router and the ASUS server it contacts for downloads/updates (this is the AT:P attack requirement in the CVSS 4.0 vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mostly aligned toward high priority but with an important caveat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has gained an on-path position - for example on a shared Wi-Fi network, a compromised upstream hop, or via DNS/route hijacking - intercepts the router's connection to an ASUS server. Because the router does not properly validate the server certificate or the integrity of the returned payload, the attacker presents a spoofed server and delivers a malicious command or firmware image, which the router downloads and executes with full privileges. … |
| Remediation | Patch available per vendor advisory: apply the fixed firmware listed in the 'Security Update for ASUS Router Firmware' section of the ASUS Security Advisory at https://www.asus.com/security-advisory/ (exact fixed firmware version not specified in the provided data - confirm the build for your specific model on that page). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory all ASUS routers deployed across network infrastructure and cross-reference against the affected firmware versions listed in ASUS security advisories. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated
The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Web management interface of ASUS router models that allo
SQL injection in the web management interface of multiple ASUS router models enables a remotely authenticated, high-priv
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44590
GHSA-f3gg-32xv-8j76