Full Report
ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models. [...]
Analysis Summary
# Vulnerability: Critical Authentication Bypass in ASUS DSL Series Routers
## CVE Details
- CVE ID: CVE-2025-59367
- CVSS Score: Information Not Available (Severity implies **Critical**)
- CWE: Authentication Bypass (Inferred)
## Affected Systems
- Products: ASUS DSL-AC51, DSL-N16, DSL-AC750 router models.
- Versions: Unpatched firmware versions prior to 1.1.2.3\_1010.
- Configurations: Devices exposed online.
## Vulnerability Description
A critical authentication bypass vulnerability exists in certain ASUS DSL series routers. This flaw allows remote, unauthenticated attackers to gain unauthorized access to the affected system.
## Exploitation
- Status: No reports of active exploitation, but PoC availability is **Unknown/Not explicitly stated**.
- Complexity: **Low** complexity attacks are possible.
- Attack Vector: **Network** (Remote, unauthenticated).
## Impact
- Confidentiality: **High** (Unauthorized Access gained)
- Integrity: **High** (Potential for system modification)
- Availability: **High** (Potential for disruption or device compromise via botnet infection)
## Remediation
### Patches
- **Firmware Version 1.1.2.3\_1010** or later for DSL-AC51, DSL-N16, and DSL-AC750 provided by ASUS.
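
A fleet check against the affected models and fixed firmware version listed above, as an added example (not from ASUS or the original report). The inventory format, the function names and the assumption that firmware versions order numerically field by field are illustrative.

```python
import re

AFFECTED_MODELS = {"DSL-AC51", "DSL-N16", "DSL-AC750"}  # from the advisory
FIXED_VERSION = "1.1.2.3_1010"                          # from the advisory

def parse_version(text):
    """Turn '1.1.2.3_1010' into (1, 1, 2, 3, 1010) for ordered comparison."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:[._]\d+)*", text):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in re.split(r"[._]", text))

def triage(model, firmware, wan_exposed):
    """Classify one device: not-affected, patched, vulnerable, urgent or unknown."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-affected"
    try:
        current = parse_version(firmware)
    except ValueError:
        return "unknown"  # unparseable version string: needs manual review
    if current >= parse_version(FIXED_VERSION):
        return "patched"
    # Unpatched devices reachable from the Internet are the priority.
    return "urgent" if wan_exposed else "vulnerable"

def triage_inventory(csv_text):
    """Assumed inventory format: model,firmware,wan_exposed(yes/no) per line."""
    results = {}
    for line in csv_text.strip().splitlines():
        model, firmware, exposed = [f.strip() for f in line.split(",")]
        results[(model, firmware)] = triage(model, firmware, exposed.lower() == "yes")
    return results

# Constructed sample inventory, not real devices.
SAMPLE = """
DSL-AC51,1.1.2.3_1010,yes
DSL-N16,1.1.2.3_999,yes
DSL-AC750,1.1.2.2_1200,no
DSL-N16,1.1.2.4_17,no
RT-AX88U,3.0.0.4_388,yes
DSL-AC51,beta-build,no
"""

if __name__ == "__main__":
    for device, status in triage_inventory(SAMPLE).items():
        print(device, status)
```

Devices reported as `unknown` should be checked by hand rather than assumed patched.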
### Workarounds
For users unable to update immediately or for end-of-life models:
1. Disable any services accessible from the Internet, including:
   * Remote access from WAN
   * Port forwarding
   * DDNS
   * VPN server
   * DMZ
   * Port triggering
   * FTP
2. Secure general configuration by using complex passwords for the router administration page and wireless networks.
3. Regularly check for security updates.
## Detection
- **Indicators of Compromise:** No specific IoCs listed for this CVE, but historical context shows successful exploitation often leads to botnet malware installation (e.g., AyySSHush botnet targeting other ASUS firmware).
- **Detection methods and tools:** Monitor network traffic for unusual external login attempts or post-exploitation activity associated with established router botnets.
## References
- Vendor Advisory: hxxps://www.asus.com/security-advisory#:~:text=Security%20Update%20for%20DSL%20Series%20Router
- User Guide for Mitigation: hxxps://www.asus.com/support/faq/1008000/