SQL Injection in Asus Router

CVE-2026-11851

Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection") in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted reques…

Vulnerability class: SQL Injection

Affected products

  • Asus Router — versions ASUSWRT 3.0.0.4_386 series, ASUSWRT 3.0.0.4_388 series, ASUSWRT 3.0.0.6_102 series

Weakness classification (CWE)

References