ASUS has revealed a severe security vulnerability affecting routers with AiCloud enabled that could allow remote attackers to execute unauthorized functions on vulnerable devices.
The vulnerability, identified as CVE-2025-2492, carries a concerning CVSS score of 9.2 out of 10.0, indicating its high severity.
"An improper authentication control vulnerability exists in certain ASUS router firmware series," ASUS stated in their advisory. "This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions."
Patched Firmware Available
ASUS has addressed this security issue by releasing firmware updates for the following branches:
- 3.0.0.4_382
- 3.0.0.4_386
- 3.0.0.4_388
- 3.0.0.6_102
Users are strongly encouraged to update their router firmware to the latest version as soon as possible.
Security Recommendations
ASUS provided additional security advice for router owners:
"Use different passwords for your wireless network and router administration page," the company advised. "Use passwords that have at least 10 characters, with a mix of capital letters, numbers, and symbols."
"Do not use the same password for more than one device or service. Do not use passwords with consecutive numbers or letters, such as 1234567890, abcdefghij, or qwertyuiop."
Alternative Protection Measures
If immediate patching isn't feasible or if your router has reached end-of-life (EoL) status, users should:
- Ensure login and Wi-Fi passwords are strong
- Disable AiCloud functionality
- Disable any services accessible from the internet, including:
- Remote access from WAN
- Port forwarding
- DDNS
- VPN server
- DMZ
- Port triggering
- FTP
Read more here
