Full Report
ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. [...]
Analysis Summary
# Vulnerability: Critical Authentication Bypass in ASUS Routers via AiCloud
## CVE Details
- CVE ID: CVE-2025-2492
- CVSS Score: 9.2 (Critical)
- CWE: Improper Authentication (inferred from the described authentication bypass; no CWE identifier is given in the source)
## Affected Systems
- Products: ASUS Routers with AiCloud feature enabled
- Versions: Firmware in the 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102 series (the exact affected build depends on the router model).
- Configurations: AiCloud feature must be enabled.
## Vulnerability Description
A critical improper authentication control vulnerability exists in the AiCloud feature of certain ASUS router firmware. This flaw allows a remote, unauthenticated attacker to send a specially crafted request to the device, which can successfully bypass authentication mechanisms and lead to the unauthorized execution of functions on the router.
## Exploitation
- Status: Not exploited in the wild (No reports yet)
- Complexity: Low (Remotely exploitable via crafted request)
- Attack Vector: Network
## Impact
- Confidentiality: High (Potential unauthorized access/data exposure via function execution)
- Integrity: High (Potential unauthorized modification/control over router functions)
- Availability: Medium/High (Potential for malware installation or recruitment into botnets)
## Remediation
### Patches
Users must upgrade to the latest firmware version available for their specific router model. Fixes are released for the following firmware branches:
- 3.0.0.4_382 series
- 3.0.0.4_386 series
- 3.0.0.4_388 series
- 3.0.0.6_102 series
### Workarounds
1. **Disable AiCloud:** If the router is End-of-Life (EOL), users are advised to disable AiCloud completely.
2. **Restrict WAN Access:** Disable WAN-facing access to the router, including port forwarding, DDNS, the VPN server, DMZ, port triggering, and FTP services.
3. **Password Strength:** Ensure router administration passwords are at least 10 characters long, using a mix of letters, numbers, and symbols.
## Detection
- **Indicators of compromise:** Unusual router behavior, unexpected services running, or indicators of being recruited into a botnet.
- **Detection methods and tools:** Monitor network traffic to the router's management and AiCloud interfaces for unauthenticated requests, particularly from sources that appear malicious or anomalous.
## References
- Vendor advisory: hxxps://www.asus.com/content/asus-product-security-advisory/
- Firmware upgrade locations: hxxps://www.asus.com/support/ or hxxps://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/
- Firmware update instructions: hxxps://www.asus.com/support/faq/1008000/