CVE-2025-15101
published 2026-03-26CVE-2025-15101: An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute…
high8.6CVSS 4.0
AVNACLATNPRHUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter.
Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asus | asus_firmware | <= 3.0.0.6_102 | — |
| asus | router | — | — |