ASUS warns of critical auth bypass flaw in routers using AiCloud

The vulnerability discovered in AiCloud impacts a broad range of models, with ASUS releasing fixes for multiple firmware branches, including 3.0.0.4_382 series, 3.0.0.4_386 series, 3.0.0.4_388 series, and 3.0.0.6_102 series. It allows users to access files stored on USB drives connected to the router from anywhere over the internet, stream media remotely, sync files between home networks and other cloud storage services, and share files with others via links. "An improper authentication control vulnerability exists in certain ASUS router firmware series," reads the vendor's bulletin. ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. ASUS also advises users to use distinct passwords to secure their wireless network and router administration page, and make sure they're at least 10 characters long with a mix of letters, numbers, and symbols. Impacted users of end-of-life products are advised to disable AiCloud entirely and turn off internet access for WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP services. Users are recommended to upgrade to the latest firmware version available for their model, which they can find on the vendor's support portal or the product finder page. Therefore, it is strongly advised that ASUS router users upgrade to the latest firmware as soon as possible. AiCloud is a cloud-based remote access feature built into many ASUS routers, turning them into mini private cloud servers. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. The vulnerability, tracked under CVE-2025-2492 and rated critical (CVSS v4 score: 9.2), is remotely exploitable via a specially crafted request and requires no authentication, making it particularly dangerous. While there are no reports of active exploitation or a public proof-of-concept exploit for CVE-2025-2492, attackers commonly target these flaws to infect devices with malware or recruit them into DDoS swarms.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 18 Apr 2025 16:10:29 +0000


Cyber News related to ASUS warns of critical auth bypass flaw in routers using AiCloud

ASUS warns of critical auth bypass flaw in routers using AiCloud - The vulnerability discovered in AiCloud impacts a broad range of models, with ASUS releasing fixes for multiple firmware branches, including 3.0.0.4_382 series, 3.0.0.4_386 series, 3.0.0.4_388 series, and 3.0.0.6_102 series. It allows users to access ...
1 month ago Bleepingcomputer.com CVE-2025-2492
ASUS DriverHub flaw let malicious sites run commands with admin rights - The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed. The flaw was discovered by an independent cybersecurity ...
2 weeks ago Bleepingcomputer.com
CVE-2024-0401 - ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ...
1 year ago
14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries - Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. Multiple flaws in DrayTek ...
7 months ago Securityaffairs.com CVE-2024-45519 CVE-2024-29849 CVE-2024-41585
Juniper releases out-of-cycle fix for max severity auth bypass flaw - Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security issue is tracked as ...
11 months ago Bleepingcomputer.com CVE-2024-2973
Juniper releases out-of-cycle fix for max severity auth bypass flaw - Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security issue is tracked as ...
11 months ago Bleepingcomputer.com CVE-2024-2973
DrayTek Routers at Risk From 14 New Vulnerabilities - The advice comes amid signs of growing threat actor activity — including by nation-state actors — targeting vulnerabilities in routers and other network devices from DrayTek and a variety of other vendors, including Fortinet, F5, QNAP, Ivanti, ...
7 months ago Darkreading.com CVE-2024-41592 CVE-2024-41585 CVE-2021-20123 CVE-2021-20124
"Sierra:21" vulnerabilities impact critical infrastructure routers - A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. The flaws ...
1 year ago Bleepingcomputer.com
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
11 months ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-38831 CVE-2023-40044 APT28 Rocke
VMWare discloses critical VCD Appliance auth bypass with no patch - VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. Cloud Director enables VMware admins to manage their organizations' cloud services as part of Virtual Data Centers. The auth ...
1 year ago Bleepingcomputer.com CVE-2023-34060
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
11 months ago Securityaffairs.com CVE-2022-38028 CVE-2023-49103 CVE-2023-20198 CVE-2023-40044 APT28 Rocke
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
11 months ago Securityaffairs.com CVE-2024-29849 CVE-2023-49103 CVE-2023-20198 CVE-2023-38831 Rocke
Award-Winning Centralized Platform Helps Unlock Value Through Simplicity - Network operators need to cater to their customers by delivering services from anywhere between 1G to 100G speeds, while having the ability to aggregate into 400G networks. With the evolution of the network and emergence of more localized and ...
1 year ago Feedpress.me
VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks - VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. Cloud Director is a VMware platform that enables admins ...
1 year ago Bleepingcomputer.com CVE-2023-34060
FBI: End-of-life routers hacked for cybercrime proxy networks - In a related bulletin, the agency confirms that many of these routers are infected with a variant of the "TheMoon" malware, which enables threat actors to configure them as proxies. The FBI warns that threat actors are deploying malware on ...
3 weeks ago Bleepingcomputer.com
Hackers target new MOVEit Transfer critical auth bypass bug - Threat actors are already trying to exploit a critical authentication bypass flaw in Progress MOVEit Transfer, less than a day after the vendor disclosed it. MOVEit Transfer is a managed file transfer solution used in enterprise environments to ...
11 months ago Bleepingcomputer.com CVE-2024-5806 CVE-2024-5805 Black Basta
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
1 year ago Securityboulevard.com Fancy Bear APT28 Volt Typhoon
Malware botnet bricked 600,000 routers in mysterious 2023 event - A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access. According to researchers at Lumen's Black Lotus Labs, ...
1 year ago Bleepingcomputer.com
Malware botnet bricked 600,000 routers in mysterious 2023 attack - A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access. According to researchers at Lumen's Black Lotus Labs, ...
1 year ago Bleepingcomputer.com
Microsoft rolls out BIOS update that fixes ASUS blue screen issues - "Devices with ASUS models X415KA and X515KA running a BIOS version lower than 311 will need to install the latest BIOS update to remove the safeguard and proceed with the Windows 11, version 24H2 upgrade," Microsoft said. However, in a ...
3 months ago Bleepingcomputer.com
Remote Code Execution Vulnerabilities Discovered in TP-Link and Netcomm Routers - Latest research has uncovered alarming security vulnerabilities in popular TP-Link and Netcomm routers. The discovered vulnerabilities if exploited could potentially allow an attacker to gain unauthorized access to the routers and execute arbitrary ...
2 years ago Securityweek.com
Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw - Hackers are actively exploiting a critical flaw in the open source ownCloud platform that allows access to access admin passwords, mail server credentials, and license keys, exposing their enterprise to data breaches or other types of malicious ...
1 year ago Darkreading.com CVE-2023-49103 CVE-2023-49105 CVE-2023-49104
CVE-2024-12912 - An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. ...
4 months ago Tenable.com
CVE-2025-2492 - An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' ...
1 month ago CVE-2025-2492