ASUS has launched new firmware to patch a crucial authentication bypass safety flaw impacting a number of DSL sequence router fashions.
Tracked as CVE-2025-59367, this vulnerability permits distant, unauthenticated attackers to log into unpatched units uncovered on-line in low-complexity assaults that do not require person interplay.
ASUS has launched firmware model 1.1.2.3_1010 to handle this vulnerability for DSL-AC51, DSL-N16, and DSL-AC750 router fashions.
“An authentication bypass vulnerability has been recognized in sure DSL sequence routers, might permit distant attackers to realize unauthorized entry into the affected system,” ASUS explains.
“ASUS recommends replace to the newest firmware to make sure your system stays protected. Obtain and set up the newest firmware model 1.1.2.3_1010 on your system from the ASUS help web page or your product web page at ASUS Networking.”
Whereas the Taiwanese electronics producer solely mentions three affected router fashions, it additionally supplies mitigation measures for customers who cannot instantly replace their units or have end-of-life fashions that won’t obtain firmware updates.
To dam potential assaults with out patching the routers, customers are suggested to disable any companies accessible from the Web, together with distant entry from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.
ASUS additionally recommends taking further measures to safe routers and cut back the assault floor, together with utilizing advanced passwords for the router administration web page and wi-fi networks, frequently checking for safety updates and new firmware, and avoiding the reuse of credentials.
Whereas there aren’t any stories of energetic exploitation, it’s strongly really helpful to put in the newest firmware as quickly as potential, as attackers generally goal router flaws to contaminate units with botnet malware, which they then use in DDoS assaults.
As an illustration, in June, CISA added two older safety flaws impacting ASUS RT-AX55 (CVE-2023-39780) and ASUS GT-AC2900 (CVE-2021-32030) routers to its catalog of actively exploited vulnerabilities.
As cybersecurity firm GreyNoise and French cybersecurity agency Sekoia revealed on the time, “a well-resourced and extremely succesful adversary” tracked as Vicious Lure used CVE-2023-39780 and CVE-2021-32030 to backdoor 1000’s of ASUS routers in assaults aimed toward constructing a brand new botnet, tracked as AyySSHush.
In April, ASUS patched one other crucial authentication bypass vulnerability (CVE-2025-2492) in a variety of router fashions with the AiCloud service enabled.
It is funds season! Over 300 CISOs and safety leaders have shared how they’re planning, spending, and prioritizing for the yr forward. This report compiles their insights, permitting readers to benchmark methods, establish rising traits, and evaluate their priorities as they head into 2026.
Find out how high leaders are turning funding into measurable affect.
