CVE-2026-12960 PUBLISHED

Assigner: ASUS
Reserved: 23.06.2026 Published: 03.07.2026 Updated: 03.07.2026

An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS Security Advisory for more information.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
CVSS Score: 6

Product Status

Vendor ASUS
Product Router app
Versions Default: unaffected
  • affected from 0 to 1.0.0.9.71 (incl.)

Credits

  • Sedric Louissaint finder

References

Problem Types

  • CWE-926 Improper Export of Android Application Components CWE