ASUS disclosed a **critical authentication bypass vulnerability (CVE-2025-59367)** in multiple DSL-series routers (DSL-AC51, DSL-N16, DSL-AC750), allowing unauthenticated remote attackers to bypass credentials and gain full administrative access. The flaw, rated as low-complexity, exposes unpatched devices connected to the internet to potential compromise. While no in-the-wild exploitation has been confirmed, ASUS urged immediate firmware updates (version 1.1.2.3_1010) to mitigate risks. Users unable to patch were advised to disable internet-facing services (WAN access, port forwarding, VPN, DMZ, etc.) and enforce strong passwords to prevent unauthorized access.

The vulnerability poses a significant risk of routers being hijacked for **botnet recruitment** or **DDoS campaigns**, a trend highlighted by past incidents like the *Vicious Trap* group exploiting older ASUS flaws (CVE-2023-39780, CVE-2021-32030) to backdoor thousands of devices for the *AyySSHush* botnet. ASUS also patched a similar high-risk flaw (CVE-2025-2492) earlier this year, reinforcing the persistent targeting of consumer networking hardware by threat actors. Failure to patch could lead to large-scale device compromise, enabling attackers to pivot into broader network intrusions or disrupt services.
ASUS cybersecurity rating report: https://www.rankiteo.com/company/asus
"id": "ASU5132951111725",
"linkid": "asus",
"type": "Vulnerability",
"date": "6/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Users of ASUS DSL-AC51, '
'DSL-N16, DSL-AC750 routers (and '
'potentially other DSL-series '
'models)',
'industry': 'Technology/Hardware',
'location': 'Taiwan (HQ)',
'name': 'ASUS',
'type': 'Manufacturer'}],
'attack_vector': ['Network', 'Remote'],
'customer_advisories': ['Install firmware version 1.1.2.3_1010 immediately.',
'Disable internet-exposed services if unable to '
'patch.',
'Follow security hardening guidelines for end-of-life '
'devices.'],
'description': 'ASUS has issued new firmware updates to fix a critical '
'authentication bypass flaw (CVE-2025-59367) affecting '
'multiple DSL-series routers (DSL-AC51, DSL-N16, DSL-AC750). '
'The vulnerability allows unauthenticated attackers to '
'remotely log into impacted routers without user interaction. '
'ASUS urged users to immediately install firmware version '
'1.1.2.3_1010 or disable internet-facing services if patching '
'is not possible. While no in-the-wild exploitation has been '
'reported, router vulnerabilities are frequent targets for '
"botnet operators (e.g., Vicious Trap's AyySSHush botnet "
'exploiting older ASUS flaws CVE-2023-39780 and '
'CVE-2021-32030).',
'impact': {'brand_reputation_impact': ['Potential erosion of trust due to '
'unpatched vulnerabilities',
'Association with botnet risks (e.g., '
'AyySSHush)'],
'operational_impact': ['Unauthorized remote access to router '
'management interfaces',
'Risk of router hijacking for botnets/DDoS '
'campaigns'],
'systems_affected': ['ASUS DSL-AC51',
'ASUS DSL-N16',
'ASUS DSL-AC750',
'Potentially other DSL-series routers']},
'initial_access_broker': {'entry_point': ['Improper access request validation '
'in router firmware'],
'high_value_targets': ['Router management '
'interfaces',
'Potential for botnet '
'recruitment']},
'investigation_status': 'Ongoing (no confirmed in-the-wild exploitation '
'reported)',
'lessons_learned': ['Router vulnerabilities are high-value targets for botnet '
"operators (e.g., Vicious Trap's AyySSHush campaign).",
'End-of-life hardware poses persistent risks if not '
'properly secured or decommissioned.',
'Proactive firmware updates and service hardening are '
'critical for mitigating authentication bypass flaws.'],
'post_incident_analysis': {'corrective_actions': ['Firmware patch to block '
'authentication bypass '
'(version 1.1.2.3_1010).',
'Security guidance for '
'unpatchable/end-of-life '
'devices.',
'Public awareness campaign '
'on router hardening.'],
'root_causes': ['Improper validation of access '
'requests in DSL-series router '
'firmware']},
'recommendations': ['Immediately apply firmware updates for affected ASUS '
'DSL-series routers.',
'Disable all internet-facing services (remote WAN, port '
'forwarding, etc.) if patching is not feasible.',
'Use strong, unique passwords for router administration '
'and Wi-Fi networks.',
'Regularly check for firmware updates and avoid '
'credential reuse.',
'Monitor for suspicious activity (e.g., unauthorized '
'access, botnet C2 traffic).',
'Replace end-of-life routers with supported models where '
'possible.'],
'references': [{'source': 'ASUS Security Advisory'},
{'source': 'CISA KEV Catalog (CVE-2023-39780, CVE-2021-32030)',
'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog'},
{'source': 'GreyNoise/Sekoia Report on Vicious Trap (AyySSHush '
'Botnet)'}],
'response': {'communication_strategy': ['Public advisory via ASUS support '
'portal',
'Networking page notifications',
'Media outreach'],
'containment_measures': ['Firmware update (version 1.1.2.3_1010) '
'for DSL-AC51, DSL-N16, DSL-AC750',
'Disabling internet-accessible services '
'(remote WAN, port forwarding, DDNS, '
'VPN, DMZ, port triggering, FTP) for '
'unpatchable devices',
'Recommending strong passwords, '
'avoiding credential reuse, and regular '
'update checks'],
'incident_response_plan_activated': True,
'remediation_measures': ['Firmware patch',
'Security hardening guidance for '
'end-of-life devices']},
'stakeholder_advisories': ['ASUS support portal notifications',
'Public security bulletin'],
'title': 'Critical Authentication Bypass Flaw in ASUS DSL-Series Routers '
'(CVE-2025-59367)',
'type': ['Vulnerability', 'Authentication Bypass'],
'vulnerability_exploited': 'CVE-2025-59367 (Authentication Bypass in '
'DSL-series routers)'}