ASUS revealed a critical lack of security that affect the routers Aicloud Enabled, which can allow distant attackers to perform unauthorized performance on sensitive devices.
Vulnerability tracked as Cve-2025-2492has a CVSS 9.2 mark with a maximum of 10.0.
“Incorrect vulnerability by authentication management exists in a specific series of asus firmware”, Asus – Note In advisory. “This vulnerability can be caused by a developed request, which can lead to unauthorized functions.”
The disadvantage was addressed with the firmware updates for the following branches –
- 3.0.0.4_382
- 3.0.0.4_386
- 3.0.0.4_388, and
- 3.0.0.6_102
For optimal protection it is recommended to update your instances to the latest firmware.
“Use different passwords for your wireless administration page and router,” Asus said. “Use passwords that have at least 10 characters, with a mixture of capital letters, numbers and characters.”
“Do not use the same password for multiple devices or service. Do not use passwords with numbers or letters, such as 1234567890, abcdefghij, or qwertyuiop.”
If immediate correction is not an option or router reached the end of life (EOL), it is recommended to make sure that the entry passwords and Wi-Fi are strong.
Another option is to disable Aicloud and any service to which you can access the Internet, such as remote access from Wan, Port Rewring, DDNS, VPN Server, DMZ, Triggering Port and FTP.
