Per the https://www.asus.com/security-advisory/ site. A notice for firmware 3.0.0.6_102 and earlier posted on 3/25/2026.
To protect your devices, ASUS strongly recommends that all users update their router firmware to the latest version immediately.
You can find the latest firmware on the ASUS support page at
https://www.asus.com/support/ or the relevant product page at https://www.asus.com/Networking/
CVE-2025-15101
CVSS 4.0 Score: 8.5 /High
AV:N/AC:L/AT:N/PR:H/UI
/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Last Updated: March 25, 2026 (GMT+8)
------------------------------------------------------------
Per the CVE-2025-15101 link:
CNA: ASUSTeK Computer Incorporation
Published: 2026-03-26 Updated: 2026-03-26
Description
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to execute system commands through unintended mechanisms. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
CWE 2 Total
CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 1 Total
Learn more
Score Severity Version Vector String
8.5 HIGH 4.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Product Status
Vendor ASUS
Product Router
Versions 1 Total
Default Status: unaffected
affected
affected at 3.0.0.6_102
Credits
Per Idenfeldt Okuyama at CYLOQ reporter
References 1 Total
https://www.asus.com/security-advisory/
vendor-advisory
Security Update for ASUS Router Firmware
ASUS has released a security update for ASUS routers to mitigate Reported vulnerability and strongly recommends updating to the latest firmware version 3.0.0.6_102 series or later to ensure optimal protection.To protect your devices, ASUS strongly recommends that all users update their router firmware to the latest version immediately.
You can find the latest firmware on the ASUS support page at
https://www.asus.com/support/ or the relevant product page at https://www.asus.com/Networking/
CVE-2025-15101
CVSS 4.0 Score: 8.5 /High
AV:N/AC:L/AT:N/PR:H/UI
/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NLast Updated: March 25, 2026 (GMT+8)
------------------------------------------------------------
Per the CVE-2025-15101 link:
CNA: ASUSTeK Computer Incorporation
Published: 2026-03-26 Updated: 2026-03-26
Description
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to execute system commands through unintended mechanisms. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
CWE 2 Total
CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 1 Total
Learn more
Score Severity Version Vector String
8.5 HIGH 4.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI
/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NProduct Status
Vendor ASUS
Product Router
Versions 1 Total
Default Status: unaffected
affected
affected at 3.0.0.6_102
Credits
Per Idenfeldt Okuyama at CYLOQ reporter
References 1 Total
https://www.asus.com/security-advisory/
vendor-advisory
