ASUS RT-AC58U – Unauthenticated Network Information Disclosure via Web Interface
Disclosure Status
disclosed
April 09, 2026
April 09, 2026
Description
Finding
Found through analysis of the ASUS RT-AC58U firmware: the web interface failed to properly protect sensitive network data, exposing it to unauthenticated requests.
Reproducibility
Access the router’s web UI on affected firmware (≤ 3.0.0.4.380_6516) without authentication to view sensitive network data.
Impact
Medium-severity information disclosure (CVSS 5.3). Attackers may learn network details from the router UI.
Patches
No patch details are provided; upgrade to a firmware version above 3.0.0.4.380_6516 if one is available.
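An added example, not part of the advisory or the referenced project: an inventory check that flags RT-AC58U units at or below the last affected build (3.0.0.4.380_6516) stated above. The version-string layout (numeric fields separated by "." or "_", optional "-suffix") and the inventory rows are assumptions.

```python
import re

# Last affected build, taken from the advisory text.
LAST_AFFECTED = "3.0.0.4.380_6516"

def parse_fw(version):
    """Turn an ASUS-style version string into a tuple of ints.

    Assumed format: numeric fields separated by '.' or '_', optionally
    followed by a '-suffix' (e.g. a build hash) that is ignored.
    """
    core = version.strip().split("-", 1)[0]
    fields = re.split(r"[._]", core)
    if not fields or not all(f.isdigit() for f in fields):
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return tuple(int(f) for f in fields)

def is_affected(version, last_affected=LAST_AFFECTED):
    """True when version <= last affected build, compared field by field.

    Numeric comparison matters: as strings, '987' sorts after '6516'.
    """
    return parse_fw(version) <= parse_fw(last_affected)

def triage(inventory):
    """Split (host, model, version) rows into affected / ok / unknown."""
    result = {"affected": [], "ok": [], "unknown": []}
    for host, model, version in inventory:
        if model.upper() != "RT-AC58U":
            continue  # the advisory covers this model only
        try:
            bucket = "affected" if is_affected(version) else "ok"
        except ValueError:
            bucket = "unknown"  # review by hand rather than guess
        result[bucket].append(host)
    return result

# Constructed sample inventory (hosts and versions are made up).
SAMPLE = [
    ("rtr-lobby", "RT-AC58U", "3.0.0.4.380_6516"),
    ("rtr-lab", "RT-AC58U", "3.0.0.4.380_987"),
    ("rtr-office", "RT-AC58U", "3.0.0.4.382_51939"),
    ("rtr-attic", "RT-AC58U", "unknown"),
    ("rtr-other", "RT-AC68U", "3.0.0.4.380_6516"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(bucket, hosts)
```

Units that land in "unknown" should be checked by hand, since an unparseable version string says nothing about whether the build is affected.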
Workarounds
Restrict admin UI access to trusted networks and local connections only.
References
https://github.com/remix30303/AsusLeak