
ASUS has disclosed an important security flaw affecting AiCloud-enabled routers that could allow remote attackers to perform unauthorized execution of functions on vulnerable devices.
The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0.

“There are inappropriate authentication control vulnerabilities in certain ASUS router firmware series,” ASUS said in its advisory. “This vulnerability can be caused by crafted requests and could potentially lead to the malfunction of a feature.”
The flaw is addressed in firmware updates for the following branches: 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102.
For optimal protection, it is recommended to update the router to the latest firmware version.
“We use different passwords for wireless networks and router management pages,” ASUS says. “Use a password of at least 10 characters, mixed with uppercase letters, numbers, and symbols.”

“Do not use the same password for multiple devices or services. Do not use passwords with consecutive numbers or characters, such as 1234567890, abcdefghij, qwertyuiop.”
If immediate patching is not an option, or if the router has reached end of life (EOL), it is recommended to make sure the login and Wi-Fi passwords are strong.
Another option is to disable AiCloud and any services that can be reached from the internet, such as remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.
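The password guidance quoted above can be turned into a check. The following is an added example, not code from ASUS or the advisory; the function names, the keyboard-row list and the run threshold of four characters are assumptions made for illustration.

```python
import string

# Constructed sequence sources: digits, the alphabet and QWERTY keyboard rows.
SEQUENCES = ["01234567890", string.ascii_lowercase,
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 10  # "at least 10 characters" in the quoted guidance
RUN_LIMIT = 4    # assumption: a run of this length or longer is flagged


def longest_run(password):
    """Longest substring that follows one of SEQUENCES, forwards or
    backwards, ignoring case."""
    pw = password.lower()
    best = 0
    for seq in SEQUENCES:
        for source in (seq, seq[::-1]):
            for i in range(len(pw)):
                k = best + 1  # only look for runs longer than the best so far
                while i + k <= len(pw) and pw[i:i + k] in source:
                    best = k
                    k += 1
    return best


def audit(password, others=()):
    """Return the rules from the quoted guidance that `password` breaks.
    `others` holds passwords already used on other devices or services."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    if longest_run(password) >= RUN_LIMIT:
        problems.append("contains consecutive numbers or characters")
    if password in others:
        problems.append("reused for another device or service")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real device.
    wifi = "Kx9$abcd!Qm"
    for candidate in ("1234567890", wifi, "Tr7!vk#Pz2qL"):
        print(candidate, "->", audit(candidate, others=(wifi,)) or "ok")
```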