CVE-2026-13385
ASUS · Router
ASUS routers are vulnerable to a man-in-the-middle attack due to improper certificate and integrity check validation, allowing attackers to force the device to download and execute arbitrary commands.
Executive summary
A critical vulnerability in several ASUS router series enables remote attackers to execute arbitrary commands on the device via man-in-the-middle exploitation.
Vulnerability
This vulnerability involves improper validation of integrity check values (CWE-354) and improper certificate validation (CWE-295). These flaws allow a remote man-in-the-middle attacker to spoof a server, causing the router to download and execute malicious firmware or commands.
Business impact
An attacker gaining command execution on a router can intercept all network traffic, redirect users to malicious sites, or use the device as a pivot point into the local network. The CVSS score of 9.5 reflects the high potential for total compromise of the network perimeter.
Remediation
Immediate Action: Visit the ASUS security advisory page to identify the specific firmware release that addresses these integrity and validation flaws for your specific router model.
Proactive Monitoring: Monitor router system logs for suspicious update processes or unexpected outbound traffic to unknown servers.
Compensating Controls: Disable remote management features on the router to reduce the attack surface until the firmware patch is applied.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given the critical nature of router security, users must prioritize installing the latest firmware provided by ASUS. Ensure that routers are configured to automatically check for updates and that remote administration is disabled to limit exposure to potential attackers.