ID
VAR-202511-2421
CVE
CVE-2025-59370
TITLE
ASUS Router command injection vulnerability
Trust: 0.6
DESCRIPTION
A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. ASUS Router is a router product and accompanying management application launched by ASUS, primarily used for wireless connectivity and management in home and enterprise networks
Trust: 1.44
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | asus | model: | router 3.0.0.4 386 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | asus | model: | router 3.0.0.4 388 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | asus | model: | router 3.0.0.6 102 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.0 |
PATCH
| title: | Patch for ASUS Router command injection vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/777136 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-59370 | Trust: 1.6 |
| db: | CNVD | id: | CNVD-2025-29782 | Trust: 0.6 |
REFERENCES
| url: | https://www.asus.com/security-advisory/ | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-59370 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2025-29782 |
| db: | NVD | id: | CVE-2025-59370 |
LAST UPDATE DATE
2025-12-19T23:03:06.080000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-29782 | date: | 2025-12-03T00:00:00 |
| db: | NVD | id: | CVE-2025-59370 | date: | 2025-11-25T22:16:16.690 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-29782 | date: | 2025-12-03T00:00:00 |
| db: | NVD | id: | CVE-2025-59370 | date: | 2025-11-25T08:15:52.810 |