CyberSecurityBoard
Sponsor Register Login

ASUS warns of critical auth bypass flaw in routers using AiCloud

The vulnerability discovered in AiCloud impacts a broad range of models, with ASUS releasing fixes for multiple firmware branches, including 3.0.0.4_382 series, 3.0.0.4_386 series, 3.0.0.4_388 series, and 3.0.0.6_102 series. It allows users to access files stored on USB drives connected to the router from anywhere over the internet, stream media remotely, sync files between home networks and other cloud storage services, and share files with others via links. "An improper authentication control vulnerability exists in certain ASUS router firmware series," reads the vendor's bulletin. ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. ASUS also advises users to use distinct passwords to secure their wireless network and router administration page, and make sure they're at least 10 characters long with a mix of letters, numbers, and symbols. Impacted users of end-of-life products are advised to disable AiCloud entirely and turn off internet access for WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP services. Users are recommended to upgrade to the latest firmware version available for their model, which they can find on the vendor's support portal or the product finder page. Therefore, it is strongly advised that ASUS router users upgrade to the latest firmware as soon as possible. AiCloud is a cloud-based remote access feature built into many ASUS routers, turning them into mini private cloud servers. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. The vulnerability, tracked under CVE-2025-2492 and rated critical (CVSS v4 score: 9.2), is remotely exploitable via a specially crafted request and requires no authentication, making it particularly dangerous. While there are no reports of active exploitation or a public proof-of-concept exploit for CVE-2025-2492, attackers commonly target these flaws to infect devices with malware or recruit them into DDoS swarms.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 18 Apr 2025 16:10:29 +0000


Cyber News related to ASUS warns of critical auth bypass flaw in routers using AiCloud

ASUS warns of critical auth bypass flaw in routers using AiCloud - The vulnerability discovered in AiCloud impacts a broad range of models, with ASUS releasing fixes for multiple firmware branches, including 3.0.0.4_382 series, 3.0.0.4_386 series, 3.0.0.4_388 series, and 3.0.0.6_102 series. It allows users to access ...
19 hours ago Bleepingcomputer.com CVE-2025-2492
CVE-2024-0401 - ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ...
10 months ago
14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries - Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. Multiple flaws in DrayTek ...
6 months ago Securityaffairs.com CVE-2024-45519 CVE-2024-29849 CVE-2024-41585
Juniper releases out-of-cycle fix for max severity auth bypass flaw - Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security issue is tracked as ...
9 months ago Bleepingcomputer.com CVE-2024-2973
Juniper releases out-of-cycle fix for max severity auth bypass flaw - Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security issue is tracked as ...
9 months ago Bleepingcomputer.com CVE-2024-2973
DrayTek Routers at Risk From 14 New Vulnerabilities - The advice comes amid signs of growing threat actor activity — including by nation-state actors — targeting vulnerabilities in routers and other network devices from DrayTek and a variety of other vendors, including Fortinet, F5, QNAP, Ivanti, ...
6 months ago Darkreading.com CVE-2024-41592 CVE-2024-41585 CVE-2021-20123 CVE-2021-20124
"Sierra:21" vulnerabilities impact critical infrastructure routers - A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. The flaws ...
1 year ago Bleepingcomputer.com
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
9 months ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-38831 CVE-2023-40044 APT28 Rocke
VMWare discloses critical VCD Appliance auth bypass with no patch - VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. Cloud Director enables VMware admins to manage their organizations' cloud services as part of Virtual Data Centers. The auth ...
1 year ago Bleepingcomputer.com CVE-2023-34060
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
10 months ago Securityaffairs.com CVE-2022-38028 CVE-2023-49103 CVE-2023-20198 CVE-2023-40044 APT28 Rocke
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
9 months ago Securityaffairs.com CVE-2024-29849 CVE-2023-49103 CVE-2023-20198 CVE-2023-38831 Rocke
VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks - VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. Cloud Director is a VMware platform that enables admins ...
1 year ago Bleepingcomputer.com CVE-2023-34060
Award-Winning Centralized Platform Helps Unlock Value Through Simplicity - Network operators need to cater to their customers by delivering services from anywhere between 1G to 100G speeds, while having the ability to aggregate into 400G networks. With the evolution of the network and emergence of more localized and ...
1 year ago Feedpress.me
Hackers target new MOVEit Transfer critical auth bypass bug - Threat actors are already trying to exploit a critical authentication bypass flaw in Progress MOVEit Transfer, less than a day after the vendor disclosed it. MOVEit Transfer is a managed file transfer solution used in enterprise environments to ...
9 months ago Bleepingcomputer.com CVE-2024-5806 CVE-2024-5805 Black Basta
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
1 year ago Securityboulevard.com Fancy Bear APT28 Volt Typhoon
Malware botnet bricked 600,000 routers in mysterious 2023 event - A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access. According to researchers at Lumen's Black Lotus Labs, ...
10 months ago Bleepingcomputer.com
Malware botnet bricked 600,000 routers in mysterious 2023 attack - A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access. According to researchers at Lumen's Black Lotus Labs, ...
10 months ago Bleepingcomputer.com
Microsoft rolls out BIOS update that fixes ASUS blue screen issues - "Devices with ASUS models X415KA and X515KA running a BIOS version lower than 311 will need to install the latest BIOS update to remove the safeguard and proceed with the Windows 11, version 24H2 upgrade," Microsoft said. However, in a ...
2 months ago Bleepingcomputer.com
Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw - Hackers are actively exploiting a critical flaw in the open source ownCloud platform that allows access to access admin passwords, mail server credentials, and license keys, exposing their enterprise to data breaches or other types of malicious ...
1 year ago Darkreading.com CVE-2023-49103 CVE-2023-49105 CVE-2023-49104
Remote Code Execution Vulnerabilities Discovered in TP-Link and Netcomm Routers - Latest research has uncovered alarming security vulnerabilities in popular TP-Link and Netcomm routers. The discovered vulnerabilities if exploited could potentially allow an attacker to gain unauthorized access to the routers and execute arbitrary ...
2 years ago Securityweek.com
CVE-2024-12912 - An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. ...
3 months ago Tenable.com
CVE-2025-2492 - An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' ...
1 day ago CVE-2025-2492
Juniper warns of critical RCE bug in its firewalls and switches - Juniper Networks has released security updates to fix a critical pre-auth remote code execution vulnerability in its SRX Series firewalls and EX Series switches. Found in the devices' J-Web configuration interfaces and tracked as CVE-2024-21591, this ...
1 year ago Bleepingcomputer.com CVE-2024-21591 CVE-2023-36844 CVE-2023-36845 CVE-2023-36846 CVE-2023-36847
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
1 year ago Darkreading.com Volt Typhoon
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)