CVE Record: CVE-2024-12912

Required CVE Record Information

Description

An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.

CWE 2 Total

Learn more

CWE-20: CWE-20 Improper Input Validation
CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS 1 Total

Learn more

Score	Severity	Version	Vector String
7.2	HIGH	3.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Product Status

Learn more

Versions 4 Total

Default Status: unaffected

affected

References 1 Total

https://www.asus.com/content/asus-product-security-advisory/
external site

Authorized Data Publishers

Learn more

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: ASUSTeK Computer Incorporation

Description

CWE 2 Total

CVSS 1 Total

Product Status

References 1 Total

Authorized Data Publishers

CISA-ADP