CVE-2026-13385
Severity CVSS v4.0:
CRITICAL
Type:
CWE-295
Improper Certificate Validation
Publication date:
15/07/2026
Last modified:
15/07/2026
Description
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server.<br />
Refer to the &#39; <br />
Security Update for ASUS Router Firmware &#39; section on the ASUS Security Advisory for more information.
Impact
Base Score 4.0
9.50
Severity 4.0
CRITICAL



