CVE-2026-13385

Severity CVSS v4.0:
CRITICAL
Type:
CWE-295 Improper Certificate Validation
Publication date:
15/07/2026
Last modified:
15/07/2026

Description

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server.<br /> Refer to the &amp;#39; <br /> Security Update for ASUS Router Firmware  &amp;#39; section on the ASUS Security Advisory for more information.

References to Advisories, Solutions, and Tools