Jump to content
Login new information ×
Login new information
  • Security & Privacy News

    ASUS warns of critical auth bypass flaw in routers using AiCloud

    Karlston

    By Karlston,
    Published Date:

    • 154 views
    • 2 minutes
     Share
    • 154 views
    • 2 minutes

    ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device.

     

    The vulnerability, tracked under CVE-2025-2492 and rated critical (CVSS v4 score: 9.2), is remotely exploitable via a specially crafted request and requires no authentication, making it particularly dangerous.

     

    "An improper authentication control vulnerability exists in certain ASUS router firmware series," reads the vendor's bulletin.

     

    "This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions."

     

    AiCloud is a cloud-based remote access feature built into many ASUS routers, turning them into mini private cloud servers.

     

    It allows users to access files stored on USB drives connected to the router from anywhere over the internet, stream media remotely, sync files between home networks and other cloud storage services, and share files with others via links.

     

    The vulnerability discovered in AiCloud impacts a broad range of models, with ASUS releasing fixes for multiple firmware branches, including 3.0.0.4_382 series, 3.0.0.4_386 series, 3.0.0.4_388 series, and 3.0.0.6_102 series.

     

    Users are recommended to upgrade to the latest firmware version available for their model, which they can find on the vendor's support portal or the product finder page. Detailed instructions on how to apply firmware updates are available here.

     

    ASUS also advises users to use distinct passwords to secure their wireless network and router administration page, and make sure they're at least 10 characters long with a mix of letters, numbers, and symbols.

     

    Impacted users of end-of-life products are advised to disable AiCloud entirely and turn off internet access for WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP services.

     

    While there are no reports of active exploitation or a public proof-of-concept exploit for CVE-2025-2492, attackers commonly target these flaws to infect devices with malware or recruit them into DDoS swarms.

     

    Therefore, it is strongly advised that ASUS router users upgrade to the latest firmware as soon as possible.

     

    Source

    Hope you enjoyed this news post.

    Thank you for appreciating my time and effort posting news every day for many years.

    News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of March): 1,357

    RIP Matrix | Farewell my friend  :sadbye:

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...