ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on susceptible devices.
The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0.
“An improper authentication management vulnerability exists in certain ASUS router firmware series,” ASUS stated in an advisory. “This vulnerability will be triggered by a crafted request, probably resulting in unauthorized execution of capabilities.”
The shortcoming has been addressed with firmware updates for the following branches:
- 3.0.0.4_382
- 3.0.0.4_386
- 3.0.0.4_388, and
- 3.0.0.6_102
For optimal protection, it is recommended that users update their instances to the latest version of the firmware.
“Use totally different passwords on your Wi-Fi network and router administration web page,” ASUS stated. “Use passwords which have a minimum of 10 characters, with a mixture of capital letters, numbers, and symbols.”
“Don’t use the identical password for more than one device or service. Don’t use passwords with consecutive numbers or letters, such as 1234567890, abcdefghij, or qwertyuiop.”
If immediate patching isn’t an option or the routers have reached end-of-life (EoL), it is advised to make sure that login and Wi-Fi passwords are strong.
Another option is to disable AiCloud and any service that can be accessed from the internet, such as remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.
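The password guidance quoted above can be expressed as a check to run over a router's admin and Wi-Fi credentials. This is an added example, not ASUS code; the run threshold (four or more sequential characters), the extra keyboard rows, and the sample passwords are assumptions of the example.

```python
import string

MIN_LENGTH = 10  # from the ASUS guidance
MAX_RUN = 3      # assumption: 4+ sequential characters count as "consecutive"
# First three entries cover the advisory's examples (1234567890, abcdefghij,
# qwertyuiop); the other keyboard rows are an assumption of this example.
SEQUENCES = ("01234567890", string.ascii_lowercase,
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def longest_run(password):
    """Longest stretch of the password that follows one of SEQUENCES,
    forwards or backwards, ignoring case."""
    p, best = password.lower(), 0
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(p)):
                for j in range(len(s)):
                    k = 0
                    while i + k < len(p) and j + k < len(s) and p[i + k] == s[j + k]:
                        k += 1
                    best = max(best, k)
    return best


def audit(password, other_passwords=()):
    """Return the guidance points the password misses (empty list = passes)."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 10 characters")
    if not any(c.isupper() for c in password):
        findings.append("no capital letter")
    if not any(c.isdigit() for c in password):
        findings.append("no number")
    if not any(c in string.punctuation for c in password):  # ASCII symbols only
        findings.append("no symbol")
    if longest_run(password) > MAX_RUN:
        findings.append("consecutive numbers or letters")
    if password in other_passwords:
        findings.append("reused for another device or service")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    admin, wifi = "Tr7!vKp#2mXq", "qwertyuiop"
    print("admin:", audit(admin, other_passwords=[wifi]))
    print("wifi: ", audit(wifi, other_passwords=[admin]))
```

An empty list means the password meets every point of the quoted guidance; passing the Wi-Fi password as `other_passwords` when auditing the admin password (and vice versa) covers the "different passwords" rule.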