Urgent ASUS Router Security Flaw Exposed
▼ Summary
– ASUS has released firmware update 1.1.2.3_1010 to patch a critical authentication bypass vulnerability (CVE-2025-59367) in DSL-AC51, DSL-N16, and DSL-AC750 router models.
– This security flaw allows remote unauthenticated attackers to gain unauthorized access to affected routers through low-complexity attacks without user interaction.
– For users unable to immediately update, ASUS recommends disabling internet-accessible services like remote WAN access, port forwarding, and VPN servers to block potential attacks.
– Additional security measures include using complex passwords, regularly checking for firmware updates, and avoiding credential reuse to reduce the attack surface.
– While no active exploitation is reported, prompt patching is strongly advised as attackers commonly target router vulnerabilities to build botnets for DDoS attacks.
ASUS has issued an urgent firmware update to resolve a serious security flaw that could let unauthorized users gain control of specific DSL router models. This vulnerability, identified as CVE-2025-59367, enables remote attackers to log into affected devices without needing a password or any action from the owner. The issue impacts the DSL-AC51, DSL-N16, and DSL-AC750 routers, and ASUS advises installing firmware version 1.1.2.3_1010 immediately to close the security gap.
According to the company, the flaw could permit unauthorized system access, making it essential for users to upgrade their firmware without delay. The update is available for download directly from the official ASUS support or product pages. Although only three models are officially listed, ASUS has also provided protective steps for individuals unable to update right away or those using older, unsupported devices.
For users who cannot patch their systems immediately, ASUS suggests disabling internet-accessible services to reduce risk. This includes turning off remote access from the WAN, port forwarding, DDNS, VPN servers, DMZ, port triggering, and FTP. Taking these actions helps block potential intrusion attempts while the router remains unpatched.
Beyond these immediate steps, the manufacturer encourages adopting broader security habits. Creating strong, unique passwords for both the router’s admin panel and Wi-Fi networks is highly recommended. Regularly checking for new firmware releases and avoiding password reuse across different services can further protect your network from compromise.
Although there are no current reports of this specific vulnerability being actively exploited, delaying updates is risky. Attackers often target router weaknesses to install malware, turning devices into parts of botnets used for disruptive activities like DDoS attacks. Recent history underscores this danger, in June, CISA flagged two older ASUS router flaws, CVE-2023-39780 and CVE-2021-32030, as actively exploited. Cybersecurity firms GreyNoise and Sekoia linked these vulnerabilities to a threat actor known as Vicious Trap, who used them to infect thousands of routers with the AyySSHush botnet.
This is not the first time ASUS has addressed such a critical issue. Back in April, the company patched another authentication bypass flaw, CVE-2025-2492, which affected numerous router models with AiCloud enabled. Staying vigilant and applying updates promptly remains the best defense against evolving threats.
(Source: Bleeping Computer)