SQL Injection in Asus Router
CVE-2026-11851
Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection") in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted reques…
Vulnerability class: SQL Injection
Affected products
- Asus Router — versions ASUSWRT 3.0.0.4_386 series, ASUSWRT 3.0.0.4_388 series, ASUSWRT 3.0.0.6_102 series