ASUS RT-AC86U - Command injection vulnerability - 5
Description
The Apps analysis function of the ASUS RT-AC86U Traffic Analyzer has insufficient filtering of special characters. A remote attacker with regular user privileges can exploit this vulnerability to perform a command injection attack to execute arbitrary commands, disrupt the system, or terminate services.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ASUS RT-AC86U Traffic Analyzer Apps analysis function lacks input sanitization, allowing authenticated remote attackers to execute arbitrary commands via command injection.
Vulnerability
The Traffic Analyzer's Apps analysis function in ASUS RT-AC86U firmware version 3.0.0.4.386.51529 fails to properly filter special characters in input parameters, which results in a command injection vulnerability [1].
Exploitation
An attacker needs only regular user privilege (low-privileged authenticated access) and network access to the router's management interface. The attacker sends a crafted request with malicious commands embedded in the Apps analysis parameter, triggering execution on the device [1].
Impact
Successful exploitation enables arbitrary command execution as root, leading to full system compromise: arbitrary file manipulation, service disruption, and potential network attacks. The CVSS score is 8.8 (High) [1].
Mitigation
ASUS released firmware version 3.0.0.4.386_51915 which fixes this vulnerability. Users should update immediately via the router's administration interface [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.