CVE-2026-13385 in ASUSinfo

Summary

by MITRE • 07/15/2026

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server. Refer to the '  Security Update for ASUS Router Firmware  ' section on the ASUS Security Advisory for more information.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/15/2026

This vulnerability represents a critical weakness in ASUS router firmware that stems from inadequate validation of integrity check values and certificate validation mechanisms. The flaw allows remote attackers to perform man-in-the-middle attacks by spoofing legitimate servers, enabling them to manipulate the router's firmware update process. The vulnerability specifically affects certain ASUS router models where the device fails to properly verify the authenticity and integrity of firmware updates received over the network. This weakness creates a pathway for attackers to inject malicious code into the router's operating system through carefully crafted spoofed responses during the update process.

The technical implementation of this vulnerability involves the router's failure to validate cryptographic signatures or checksums associated with firmware updates, combined with insufficient certificate validation procedures. When a router attempts to download firmware updates from a remote server, it should verify that the downloaded files have not been tampered with and that the source is legitimate. However, in affected ASUS models, these validation checks are either missing or improperly implemented, allowing attackers to present forged firmware images that appear authentic to the router's validation system. This failure aligns with CWE-310 vulnerability classification related to cryptographic issues and improper certificate validation.

The operational impact of this vulnerability is severe as it enables remote code execution on affected routers without requiring any local access or authentication credentials. Attackers can leverage this weakness to gain complete control over the affected devices, potentially creating persistent backdoors, redirecting network traffic, or using the compromised routers as launch points for further attacks against internal networks. The vulnerability's remote nature makes it particularly dangerous as attackers can exploit it from anywhere on the internet without physical access to the router hardware. This threat model corresponds with ATT&CK technique T1059.007 for command and script interpreter, where adversaries can execute arbitrary commands through compromised network devices.

The attack vector specifically targets the router's firmware update mechanism, which is typically used for legitimate purposes such as applying security patches or feature updates. Attackers can intercept normal firmware update traffic or manipulate DNS responses to redirect the router to a malicious server controlled by the attacker. The vulnerability affects both the integrity verification process and certificate validation, making it particularly challenging to detect and prevent. This weakness could be exploited in conjunction with other network-based attacks to establish persistent access to corporate or residential networks, potentially leading to data exfiltration, network reconnaissance, or as a stepping stone for broader network infiltration attempts.

Organizations should implement immediate mitigations including disabling automatic firmware updates when possible, implementing network monitoring to detect suspicious update traffic, and applying official firmware patches released by ASUS. The vulnerability highlights the importance of robust cryptographic validation in embedded systems and demonstrates the critical need for proper certificate pinning and integrity checking mechanisms in network infrastructure devices. Security professionals should also consider deploying network segmentation strategies to limit the potential impact of compromised routers and establish monitoring procedures specifically designed to detect unauthorized firmware modifications in network equipment.

Responsible

ASUS

Reservation

06/26/2026

Disclosure

07/15/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!