CVE-2026-13385

Summary

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server. Refer to the '  Security Update for ASUS Router Firmware  ' section on the ASUS Security Advisory for more information.

Affected Software

VendorProductVersion RangeStatus
ASUSRouter3.0.0.4_386 seriesaffected
ASUSRouter3.0.0.4_388 seriesaffected
ASUSRouter3.0.0.6_102 seriesaffected

Weaknesses

  • CWE-354: CWE-354: Improper Validation of Integrity Check Value (4.20)
  • CWE-295: CWE-295: Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References