CVE Catalog

CVE-2026-12960

MediumCVSS 6.0
Published: Translated: NVD NIST

Summary

An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open a specified URL.

Risk Assessment

An attacker can exploit this vulnerability to open a malicious website in the context of a trusted application, potentially leading to phishing or malware installation on the device.

Recommendation

Update the ASUS Router App to the latest version as per the ASUS Security Advisory. Additionally, restrict installation of apps from unknown sources on Android devices.

Original NVD description (English source)

An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS Security Advisory for more information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS