Description
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server.
Refer to the ' 
Security Update for ASUS Router Firmware  ' section on the ASUS Security Advisory for more information.
Published: 2026-07-15
Score: 9.5 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Wed, 15 Jul 2026 02:15:00 +0000

Type Values Removed Values Added
Description An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server. Refer to the '  Security Update for ASUS Router Firmware  ' section on the ASUS Security Advisory for more information.
First Time appeared Asus
Asus router
Weaknesses CWE-295
CWE-354
CPEs cpe:2.3:a:asus:router:3.0.0.4_386_series:*:*:*:*:*:*:*
cpe:2.3:a:asus:router:3.0.0.4_388_series:*:*:*:*:*:*:*
cpe:2.3:a:asus:router:3.0.0.6_102_series:*:*:*:*:*:*:*
Vendors & Products Asus
Asus router
References
Metrics cvssV4_0

{'score': 9.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ASUS

Published:

Updated: 2026-07-15T02:01:46.495Z

Reserved: 2026-06-26T03:42:59.077Z

Link: CVE-2026-13385

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-295

    Improper Certificate Validation

  • CWE-354

    Improper Validation of Integrity Check Value