CVE-2026-12960
MediumCVSS 6.0Summary
An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open a specified URL.
Risk Assessment
An attacker can exploit this vulnerability to open a malicious website in the context of a trusted application, potentially leading to phishing or malware installation on the device.
Recommendation
Update the ASUS Router App to the latest version as per the ASUS Security Advisory. Additionally, restrict installation of apps from unknown sources on Android devices.
Original NVD description (English source)
An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS Security Advisory for more information.

