ASUS has issued a security advisory concerning a critical authentication bypass vulnerability, tracked as CVE-2025-59367, affecting several of its DSL series router models1. The company has released new firmware to address this flaw, which could permit remote attackers to gain unauthorized access to the affected system without requiring login credentials. This development is part of a persistent pattern of critical vulnerabilities discovered in ASUS networking equipment over recent years, highlighting an ongoing challenge in consumer-grade network security3, 6. For network defenders and security professionals, this vulnerability represents a significant risk to network perimeter security, potentially allowing threat actors to alter DNS settings, intercept data, and infiltrate internal networks.
The primary affected models are the DSL-AC51, DSL-N16, and DSL-AC750 routers1. ASUS recommends users of these devices immediately update their firmware to version 1.1.2.3_1010, which contains the necessary patch. It is noteworthy that some of these router models are listed as End-of-Life (EOL) by ASUS, a factor that often correlates with increased susceptibility to such security flaws due to the cessation of regular security updates3. This situation necessitates a clear and immediate action plan for system administrators and security teams responsible for managing these devices, whether in corporate remote work environments or other operational contexts.
Technical Details and Impact Assessment
The CVE-2025-59367 vulnerability is classified as a critical authentication bypass flaw. In practical terms, this means an attacker could potentially access the router’s administrative interface without providing valid credentials, effectively bypassing all authentication controls. Once authenticated, an attacker would have full administrative control over the device, enabling them to modify network configurations, set up port forwarding rules, change DNS settings to redirect traffic to malicious servers, or deploy additional payloads to compromise connected systems. The remote nature of this vulnerability significantly increases its severity, as it could potentially be exploited from anywhere on the internet if the management interface is exposed.
According to historical context from similar ASUS router vulnerabilities, the impact of such authentication bypass flaws can be severe. For instance, CVE-2024-3080, another critical authentication bypass in ASUS routers, received a CVSS score of 9.8 and affected seven different router models9. While the exact CVSS score for CVE-2025-59367 has not been specified in the available sources, its classification as “critical” suggests a similarly high potential for damage. The affected DSL series routers are typically deployed in home offices, small businesses, and potentially as remote worker endpoints, making them attractive targets for initial network infiltration.
Security researchers have documented that compromised routers can serve as persistent footholds within networks, enabling man-in-the-middle attacks, credential harvesting, and lateral movement. The modification of DNS settings alone can redirect users to phishing sites even when correct URLs are entered, bypassing many traditional security controls. For organizations with employees using these routers for remote access, a compromise could lead to the interception of sensitive corporate data, including VPN credentials and other authentication tokens transmitted over the network.
Historical Context of ASUS Router Vulnerabilities
This latest security issue follows a pattern of critical vulnerabilities discovered in ASUS routers over the past several years. In April 2025, a separate critical authentication bypass bug (CVE-2025-2492) was identified impacting ASUS routers with the AiCloud feature activated6. Earlier, in 2024, CVE-2024-3080 was disclosed as a remote authentication bypass flaw that allowed full control over affected routers5, 9. The recurrence of such critical flaws in consumer networking equipment underscores the persistent security challenges in this product category.
The historical data reveals that ASUS has addressed similar critical flaws including authentication bypass vulnerabilities and buffer overflows across multiple router models throughout 2024 and 20257. This pattern suggests either fundamental architectural issues in the router firmware or increasingly sophisticated security research targeting these widely deployed devices. For security teams maintaining asset inventories, this history indicates that ASUS routers should be subject to particularly vigilant patch management and monitoring protocols, especially when deployed in enterprise or sensitive environments.
The table below summarizes recent critical ASUS router vulnerabilities for context:
| CVE Identifier | Publication Date | Affected Systems | CVSS Score |
|---|---|---|---|
| CVE-2025-59367 | November 2025 | DSL-AC51, DSL-N16, DSL-AC750 | Critical (exact score N/A) |
| CVE-2025-2492 | April 2025 | Routers with AiCloud feature | Critical |
| CVE-2024-3080 | 2024 | Seven router models including ZenWiFi XT8, RT-AX88U | 9.8 |
| CVE-2023-39780 | 2023 | Multiple models | N/A |
ASUS Security Posture and Official Guidance
ASUS maintains a formal Security Advisory Portal through which it discloses vulnerabilities and provides patches2. The company has established itself as a CVE Numbering Authority (CNA) and participates in Coordinated Vulnerability Disclosure (CVD) processes as a member of FIRST, indicating a structured approach to security response. In an official statement dated June 4, 2025, ASUS addressed media reports regarding exploitation attempts and provided comprehensive security guidance for router users8.
For all users, ASUS recommends updating to the latest available firmware and setting a strong administrator password consisting of at least 10 characters with a mix of uppercase and lowercase letters, numbers, and symbols. For devices that are potentially compromised, the company advises a three-step process: first update the firmware, then perform a factory reset, and finally reconfigure the device with a strong password. According to ASUS, “These steps will ensure that the device is fully secured and no residual risk remains”8.
For End-of-Life (EOL) devices that may not receive new firmware updates, ASUS states they “can still be safely used” if users implement specific hardening measures. These include installing the last available firmware version, setting a strong password, and critically, disabling all remote access features including SSH, DDNS, AiCloud, and Web Access from WAN. The company asserts that “Completing the above steps will effectively prevent the exploitation methods” even for devices that are no longer supported with regular security updates8.
Remediation and Security Hardening Recommendations
The immediate remediation for CVE-2025-59367 is to update affected DSL series routers to firmware version 1.1.2.3_1010. Users should access the ASUS support portal and download the appropriate firmware for their specific model. The update process typically involves logging into the router’s web interface, navigating to the firmware update section, and uploading the downloaded file. It is crucial to verify the firmware version after update to ensure the patch was applied successfully. Network administrators should maintain an inventory of all ASUS router models in their environment and cross-reference them with the affected models list.
For security teams, additional hardening measures should be implemented beyond simply applying the patch. These include changing all default credentials, disabling remote management features unless absolutely necessary, implementing network segmentation to isolate routers from critical network segments, and monitoring for suspicious activity on management interfaces. ASUS specifically recommends checking system logs for login failures or unknown SSH keys and ensuring that SSH (port 53282) is not exposed to the internet8.
For organizations with security monitoring capabilities, detection rules should be created to alert on authentication bypass attempts. These might include monitoring for successful administrative logins from unexpected geographic locations, multiple failed login attempts followed by successful access, or configuration changes to DNS settings or firewall rules. In cases where compromise is suspected, a full forensic analysis should be conducted, including examination of router logs, network traffic analysis for suspicious outbound connections, and verification of DNS settings against known legitimate values.
The recurrence of critical authentication bypass vulnerabilities in ASUS routers highlights the importance of defense-in-depth strategies for network perimeter security. Organizations should consider implementing additional security controls such as network-based intrusion detection systems, DNS filtering services, and regular security assessments of internet-facing devices. For particularly sensitive environments, consideration should be given to replacing consumer-grade networking equipment with enterprise-grade alternatives that typically offer more robust security features and longer support lifecycles.
Conclusion
The discovery of CVE-2025-59367 in ASUS DSL series routers represents another critical vulnerability in a series of similar flaws affecting consumer networking equipment. The authentication bypass nature of this vulnerability poses significant risks to network security, potentially enabling complete compromise of affected devices. The availability of a firmware patch provides a clear remediation path, though the effectiveness of this response depends on users and organizations promptly applying the update.
The historical pattern of such vulnerabilities in ASUS routers suggests that security teams should maintain ongoing vigilance regarding these devices, implementing robust patch management processes and additional security controls to mitigate risks. The comprehensive guidance provided by ASUS for securing both supported and end-of-life devices offers a practical framework for hardening these devices against exploitation. As network perimeter devices continue to be attractive targets for attackers, proactive security measures and rapid response to vulnerability disclosures remain essential components of effective network defense strategies.
References
- “ASUS warns of critical auth bypass flaw in DSL series routers,” BleepingComputer, Nov. 2025.
- ASUS Security Advisory Portal, ASUS, accessed Nov. 2025.
- “If you have one of these old Asus routers, update its firmware due to a critical vulnerability,” PC Gamer, Nov. 2025.
- “If you have one of these old Asus routers, update its firmware due to a critical vulnerability,” Yahoo, Nov. 2025.
- “ASUS patches critical router flaw that allows remote attacks,” CSOOnline, Apr. 2025.
- “Critical authentication bypass bug impacts Asus routers with AiCloud,” SC World, Apr. 2025.
- “ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models,” The Hacker News, Jun. 2024.
- “ASUS Official Statement on Recent Reports Regarding Router Security,” ASUS, Jun. 2025.
- “CVE-2024-3080: ASUS warns Customers about the latest Authentication Bypass Vulnerability detected Across seven Router Models,” Wallarm Lab, Jun. 2025.
