ASUS has confirmed a critical security vulnerability in AiCloud routers, which could allow remote attackers to execute unauthorized functions. The flaw, identified as CVE-2025-2492, has been rated with a CVSS score of 9.2 out of 10. This vulnerability exists due to improper authentication controls in specific ASUS router firmware versions. A crafted request can trigger this flaw, leading to potential exploitation of the affected device.
The issue has been addressed with firmware updates for several branches of ASUS routers, including versions 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102. ASUS has strongly recommended that users apply these updates to ensure their routers are protected from potential attacks. The company also emphasized the importance of using strong passwords, specifically those with at least 10 characters, and a mix of capital letters, numbers, and symbols. Changing passwords frequently and not reusing them across different services is also advised.
For users unable to immediately update their firmware, ASUS recommends ensuring strong login and Wi-Fi passwords if their routers are nearing the end-of-life (EoL). If patching is not an option, it is crucial to make the passwords complex to prevent easy exploitation. Users should also disable AiCloud and any services that can be accessed remotely, such as port forwarding, DDNS, VPN server, and FTP. This reduces the chances of an attacker exploiting the vulnerability through internet-accessible services.
In the advisory, ASUS emphasized the importance of preventing remote access through WAN, port triggering, and other exposed services. It advised router owners to consider disabling these features if they cannot patch the routers immediately. By following these guidelines, users can minimize the risk posed by the vulnerability until an update can be applied, ensuring their devices remain secure.
.Reference: