Description
An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL.
Refer to the '
Security Update for ASUS Router Android App ' section on the ASUS Security Advisory for more information.
Published: 2026-07-03
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Tue, 07 Jul 2026 12:30:00 +0000

Type Values Removed Values Added
Title Improper Export Enables Arbitrary URL Invocation via Intent

Mon, 06 Jul 2026 19:45:00 +0000

Type Values Removed Values Added
Title Improper Export of Android Application Components Allows Unauthorized URL Navigation in ASUS Router App

Mon, 06 Jul 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 01:45:00 +0000

Type Values Removed Values Added
Title Improper Export of Android Application Components Allows Unauthorized URL Navigation in ASUS Router App

Sun, 05 Jul 2026 09:30:00 +0000

Type Values Removed Values Added
Title Improper Export of Android Components Enabling Arbitrary URL Invocation

Sat, 04 Jul 2026 20:45:00 +0000

Type Values Removed Values Added
Title Improper Export of Android Components Enabling Arbitrary URL Invocation

Sat, 04 Jul 2026 05:15:00 +0000

Type Values Removed Values Added
Title Improper Export of Android Components Allows Third‑Party Apps to Open Arbitrary URLs in ASUS Router App

Fri, 03 Jul 2026 18:00:00 +0000

Type Values Removed Values Added
Title Improper Export of Android Components Allows Third‑Party Apps to Open Arbitrary URLs in ASUS Router App

Fri, 03 Jul 2026 02:45:00 +0000

Type Values Removed Values Added
Description An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS Security Advisory for more information.
First Time appeared Asus
Asus router App
Weaknesses CWE-926
CPEs cpe:2.3:a:asus:router_app:*:*:*:*:*:*:*:*
Vendors & Products Asus
Asus router App
References
Metrics cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ASUS

Published:

Updated: 2026-07-06T15:42:50.120Z

Reserved: 2026-06-23T05:33:05.433Z

Link: CVE-2026-12960

cve-icon Vulnrichment

Updated: 2026-07-06T15:42:45.491Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-07T12:15:06Z

Weaknesses