
ASUS has warned of a critical authentication bypass vulnerability affecting several DSL series routers and has released patches that fix it.
Tracked as CVE-2025-59367, the flaw received a CVSS v4.0 score of 9.3, indicating a high risk of remote exploitation without user interaction or authentication.
The vulnerability was publicly disclosed yesterday through a security advisory urging users to install firmware version 1.1.2.3_1010, which addresses the issue. According to the advisory, unauthenticated remote attackers can exploit this flaw to gain full access to vulnerable devices, compromising both the router and any connected network.
The flaw impacts at least three ASUS DSL router models:
- DSL-AC51
- DSL-N16
- DSL-AC750
All are budget-friendly models targeted at home users and small offices, and have been widely deployed due to ASUS's strong presence in the consumer networking space. The vulnerability affects systems that expose remote management or other services to the internet, making misconfigured or unpatched routers particularly vulnerable.
Fixes and mitigations available
ASUS has provided updated firmware for supported models, which can be downloaded via the product's support page. However, for end-of-life (EOL) models no longer receiving firmware updates, ASUS recommends disabling any features accessible from the internet, including:
- WAN remote access
- Port forwarding
- Dynamic DNS (DDNS)
- VPN server
- DMZ
- Port triggering
- FTP services
The vulnerability does not require any special conditions to exploit. The CVSS vector shows that attacks can be launched over the network, are of low attack complexity, and require no privileges or user interaction.
Apart from updating to firmware 1.1.2.3_1010 and disabling unused internet-facing services, it is recommended to use strong, unique admin and WiFi passwords, and isolate older models from critical devices in the network.
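The guidance above can be turned into a triage pass over a device inventory. The following is an added example, not ASUS code: the inventory record layout, the feature key names, the `eol` flag and the sample devices are constructed, and it assumes firmware strings order numerically by their dotted fields and then by the build suffix.

```python
import re

# Model list and fixed version come from the advisory text above.
AFFECTED_MODELS = {"DSL-AC51", "DSL-N16", "DSL-AC750"}
FIXED_FIRMWARE = "1.1.2.3_1010"
# Hypothetical inventory keys for the internet-facing features ASUS lists.
WAN_FEATURES = ["wan_remote_access", "port_forwarding", "ddns", "vpn_server",
                "dmz", "port_triggering", "ftp"]

def parse_firmware(version):
    """Turn '1.1.2.3_1010' into ((1, 1, 2, 3), 1010) so versions compare in order.
    Assumption: every dotted field and the build suffix is a plain integer."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)_(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    return (tuple(int(p) for p in m.group(1).split(".")), int(m.group(2)))

def triage(device):
    """Return (status, actions) for one inventory record."""
    if device["model"].upper() not in AFFECTED_MODELS:
        return "not_listed", []
    try:
        patched = parse_firmware(device["firmware"]) >= parse_firmware(FIXED_FIRMWARE)
    except ValueError:
        return "check_manually", ["confirm firmware version by hand"]
    if patched:
        return "patched", []
    if device.get("eol"):
        # No fixed firmware for EOL units: fall back to disabling exposed features.
        exposed = [f for f in WAN_FEATURES if device.get("features", {}).get(f)]
        return "mitigate", [f"disable {f}" for f in exposed]
    return "update", [f"install firmware {FIXED_FIRMWARE}"]

# Constructed sample inventory; the eol flags are illustrative, not from the advisory.
INVENTORY = [
    {"host": "branch-1", "model": "DSL-AC51", "firmware": "1.1.2.3_1010",
     "eol": False, "features": {}},
    {"host": "branch-2", "model": "DSL-N16", "firmware": "1.1.2.3_999",
     "eol": False, "features": {"ddns": True}},
    {"host": "home-lab", "model": "DSL-AC750", "firmware": "1.1.2.2_17",
     "eol": True, "features": {"wan_remote_access": True, "ftp": True, "dmz": False}},
]

if __name__ == "__main__":
    for d in INVENTORY:
        print(d["host"], *triage(d))
```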
ASUS has not provided further technical breakdowns of the flaw at this time, and no exploitation in the wild has been confirmed. However, given the simplicity of the attack vector, proof-of-concept exploits are likely to appear soon.






