Latest Cyber Security News

You are here: Home / General Cyber Security News / ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
April 19, 2025

ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices.

The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0.

Cybersecurity

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“An improper authentication control vulnerability exists in certain ASUS router firmware series,” ASUS said in an advisory. “This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions.”

The shortcoming has been addressed with firmware updates for the following branches –

  • 3.0.0.4_382
  • 3.0.0.4_386
  • 3.0.0.4_388, and
  • 3.0.0.6_102

For optimal protection, it’s recommended to update their instances to the latest version of the firmware.

“Use different passwords for your wireless network and router administration page,” ASUS said. “Use passwords that have at least 10 characters, with a mix of capital letters, numbers, and symbols.”

Cybersecurity

“Do not use the same password for more than one device or service. Do not use passwords with consecutive numbers or letters, such as 1234567890, abcdefghij, or qwertyuiop.”

If immediate patching is not an option or the routers have reached end-of-life (EoL), it’s advised to make sure that login and Wi-Fi passwords are strong.

Another option is to disable AiCloud and any service that can be accessed from the internet, such as remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *