Details of VAR-202511-2401

ID

VAR-202511-2401

CVE

CVE-2025-59369

TITLE

ASUS Router SQL Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-29780

DESCRIPTION

A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized data access. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. ASUS Router is a router product and accompanying management application launched by ASUS, primarily used for wireless connectivity and management of home and enterprise networks. This vulnerability stems from the application's lack of validation for externally input SQL statements

Trust: 1.44

sources: NVD: CVE-2025-59369 // CNVD: CNVD-2025-29780

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-29780

AFFECTED PRODUCTS

vendor:	asus	model:	router 3.0.0.4 386	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	router 3.0.0.4 388	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	router 3.0.0.6 102	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-29780

CVSS

SEVERITY

CVSSV2

CVSSV3

54bf65a7-a193-42d2-b1ba-8e150d3c35e1:	CVE-2025-59369
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-29780
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-29780
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:N/AC:L/AU:M/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2025-29780 // NVD: CVE-2025-59369

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.0

sources: NVD: CVE-2025-59369

PATCH

title:

Patch for ASUS Router SQL Injection Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/777126

Trust: 0.6

sources: CNVD: CNVD-2025-29780

EXTERNAL IDS

db:	NVD	id:	CVE-2025-59369	Trust: 1.6
db:	CNVD	id:	CNVD-2025-29780	Trust: 0.6

sources: CNVD: CNVD-2025-29780 // NVD: CVE-2025-59369

REFERENCES

url:	https://www.asus.com/security-advisory/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-59369	Trust: 0.6

sources: CNVD: CNVD-2025-29780 // NVD: CVE-2025-59369

SOURCES

db:	CNVD	id:	CNVD-2025-29780
db:	NVD	id:	CVE-2025-59369

LAST UPDATE DATE

2025-12-19T19:39:43.281000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-29780	date:	2025-12-03T00:00:00
db:	NVD	id:	CVE-2025-59369	date:	2025-11-25T22:16:16.690

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-29780	date:	2025-12-03T00:00:00
db:	NVD	id:	CVE-2025-59369	date:	2025-11-25T08:15:52.633