Critical ASUS DSL Router Flaw (CVE-2025-59367, CVSS 9.3) Allows Unauthenticated Remote Access
Ddos 
ASUS has released an urgent security advisory addressing a critical authentication bypass vulnerability affecting several models in its DSL Series Router lineup. The flaw, tracked as CVE-2025-59367 with a CVSSv4 score of 9.3, could allow remote threat actors to access affected systems without valid credentials, posing a severe risk to home users and small businesses relying on these devices.
According to ASUS, “A security vulnerability has been identified in certain ASUS DSL Series Router… An authentication bypass vulnerability… may allow remote attackers to gain unauthorized access into the affected system.”
Authentication bypass flaws are among the most dangerous vulnerabilities for networking devices because attackers can:
- Log in without credentials
- Modify router settings
- Hijack internet traffic
- Install persistent malware
- Join the device into botnets
- Intercept sensitive communications
Given the widespread use of ASUS DSL routers in homes and SMEs, exploitation could result in large-scale compromise if users fail to update promptly.
ASUS has released a new firmware update that fully addresses the vulnerability for supported models.
The update is available for:
| Model | Fixed Firmware Version |
|---|---|
| DSL-AC51 | 1.1.2.3_1010 |
| DSL-N16 | 1.1.2.3_1010 |
| DSL-AC750 | 1.1.2.3_1010 |
ASUS strongly advises users to update immediately. Firmware downloads are available on each device’s product page or through the ASUS support portal.
Some older DSL router models have reached End-of-Life (EOL) and cannot receive the new security update. For these unsupported devices, ASUS recommends strict security hardening. ASUS instructs users of EOL devices to disable all services accessible from the internet, including:
- Remote access from WAN
- Port forwarding
- DDNS
- VPN server
- DMZ
- Port triggering
- FTP
These steps significantly reduce the attack surface but do not fully eliminate the risk.
To further mitigate exposure, ASUS emphasizes essential best practices:
“Use different, complex passwords for your wireless network and router administration page (at least 10 characters, include uppercase, numbers and symbols).”
The advisory also reminds users:
- Do not reuse passwords across devices or services
- Regularly check for new firmware and security announcements
Related Posts:
- OpenWrt Patches ubusd RCE Flaw (CVE-2025-62526) and Kernel Memory Leak (CVE-2025-62525) in DSL Driver
- ASUS Urges Windows 11 Upgrade: The Dawn of AI-Powered PCs and the End of Windows 10
- Multiple vulnerabilities affect all versions of ASUS routers
- CISA Adds 5 Actively Exploited Vulnerabilities to KEV Catalog: ASUS Routers, Craft CMS, and ConnectWise Targeted
- ASUS Joins the Ranks of CVE Numbering Authorities
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
