CVE-2026-13385
Last modified
CVE-2026-13385 is a critical-severity vulnerability rated 9.5/10 on the CVSS scale. An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware ' section on the ASUS Security Advisory for more information..
Description
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware ' section on the ASUS Security Advisory for more information.
Metrics
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| ASUS | Router | 3.0.0.4_386 series; 3.0.0.4_388 series; 3.0.0.6_102 series |
References
Timeline
- Published
- Last Modified
- Status
- Received
Frequently Asked Questions
What is CVE-2026-13385?
How severe is CVE-2026-13385?
How do I fix CVE-2026-13385?
Related CVEs from 2026
- CVE-2026-13376Improper Neutralization of Input During Web Page Generation …4.8
- CVE-2026-13377Improper Neutralization of Input During Web Page Generation …4.8
- CVE-2026-13378The Form Vibes – Database Manager for Forms plugin for WordP…7.2
- CVE-2026-1338GitLab has remediated an issue in GitLab CE/EE affecting all…4.3
- CVE-2026-13383An Out-of-bounds Write vulnerability in WatchGuard Fireware …7.2
- CVE-2026-13384An Out-of-bounds Write vulnerability in WatchGuard Fireware …7.2
- CVE-2026-1340A code injection in Ivanti Endpoint Manager Mobile allowing …9.8
- CVE-2026-1341Avation Light Engine Pro exposes its configuration and contr…9.3
- CVE-2026-1342IBM Verify Identity Access Container 11.0 through 11.0.2 and…7.9
- CVE-2026-13422The HD Quiz plugin for WordPress is vulnerable to Cross-Site…4.3
- CVE-2026-13426The Mattermost Go module github.com/mattermost/mattermost/se…5.4
- CVE-2026-1343IBM Verify Identity Access Container 11.0 through 11.0.2 and…7.2
Are you affected by CVE-2026-13385?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
