ASUS RT-AC86U - Command injection vulnerability - 1
Description
ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ASUS RT-AC86U Adaptive QoS Web History function has a command injection vulnerability due to insufficient input filtering, allowing authenticated remote attackers to execute arbitrary commands.
Vulnerability
The Adaptive QoS - Web History function in ASUS RT-AC86U router firmware version 3.0.0.4.386.51529 fails to properly filter special characters, enabling a command injection vulnerability. The attacker must be authenticated with a regular user account and send crafted HTTP requests to the vulnerable endpoint. [1]
Exploitation
An attacker with a valid user account can exploit this by sending a specially crafted request to the Web History function, injecting arbitrary commands. No user interaction required beyond authentication. [1]
Impact
Successful exploitation allows the attacker to execute arbitrary commands with root privileges, leading to full system compromise, service disruption, or termination. The CVSS score is 8.8 (High) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. [1]
Mitigation
ASUS has released firmware version 3.0.0.4.386_51915 to fix this vulnerability. Users should update their RT-AC86U to the latest firmware. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.