CyberSecurityBoard
Sponsor Register Login

Critical ASUS Router Vulnerability Let Attackers Malicious Code Remotely

Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. However, given the critical nature of the flaw and the high value of compromised routers to cybercriminals, experts warn that attacks could emerge soon if devices remain unpatched. ASUS users are advised to act immediately by updating firmware, hardening passwords, and disabling unnecessary services to mitigate the risk of remote compromise. No user interaction is required for the exploit to succeed, and the attack can be conducted remotely over the internet, making unpatched devices particularly vulnerable. The flaw, tracked as CVE-2025-2492, has received a CVSS v4 score of 9.2, placing it among the most severe vulnerabilities affecting consumer networking equipment this year. This means that a remote attacker, without any valid credentials, could potentially execute arbitrary commands or malicious code on the affected router. While convenient, its exposure to the internet makes it a prime target for attackers seeking to compromise home and small business networks. Users are strongly urged to update their router firmware immediately via the official ASUS support portal or product page. She is covering various cyber security incidents happening in the Cyber Space. By crafting a malicious request, attackers can trigger the vulnerability and perform unauthorized actions on the device.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 21 Apr 2025 08:55:09 +0000


Cyber News related to Critical ASUS Router Vulnerability Let Attackers Malicious Code Remotely

ASUS DriverHub flaw let malicious sites run commands with admin rights - The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed. The flaw was discovered by an independent cybersecurity ...
1 month ago Bleepingcomputer.com
CVE-2024-0401 - ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ...
1 year ago
ASUS warns of critical auth bypass flaw in routers using AiCloud - The vulnerability discovered in AiCloud impacts a broad range of models, with ASUS releasing fixes for multiple firmware branches, including 3.0.0.4_382 series, 3.0.0.4_386 series, 3.0.0.4_388 series, and 3.0.0.6_102 series. It allows users to access ...
2 months ago Bleepingcomputer.com CVE-2025-2492
CVE-2024-43783 - The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions >=1.21.0 and < 1.52.1 are impacted by a denial ...
9 months ago
Critical ASUS Router Vulnerability Let Attackers Malicious Code Remotely - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. However, given the critical nature of the flaw and ...
2 months ago Cybersecuritynews.com CVE-2025-2492
Microsoft rolls out BIOS update that fixes ASUS blue screen issues - "Devices with ASUS models X415KA and X515KA running a BIOS version lower than 311 will need to install the latest BIOS update to remove the safeguard and proceed with the Windows 11, version 24H2 upgrade," Microsoft said. However, in a ...
4 months ago Bleepingcomputer.com
CVE-2018-14993 - The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZW_ASUS_A009/ASUS_A009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max Android device with a build fingerprint of ...
5 years ago
CVE-2018-14992 - The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm (versionCode1510500200, ...
4 years ago
CVE-2023-41317 - The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to ...
1 year ago
CVE-2024-32971 - Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being ...
1 year ago
React Router Vulnerabilities Let Attackers Spoof Contents & Modify Values - To exploit this vulnerability, an attacker needs no special privileges-they simply add the malicious header to requests targeting pages that use loaders in applications running React Router in Framework mode. The first vulnerability, assigned a CVSS ...
1 month ago Cybersecuritynews.com
ASUS releases fix for AMI bug that lets hackers brick servers - After downloading the latest BMC firmware update (.ima file), you can apply it through the web interface > Maintenance > Firmware Update, select the file, and click 'Start Firmware Update.' It is also recommended that you check the 'Full Flash' ...
1 month ago Bleepingcomputer.com CVE-2024-54085
Tenda AC7 Routers Vulnerability Let Attackers Gain Root Shell With Malicious Payload - In the absence of an official patch, network administrators should consider implementing additional security measures, such as restricting access to the router’s management interface to trusted devices only. Attackers within the same network as ...
3 months ago Cybersecuritynews.com
CVE-2018-14979 - The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package name of com.asus.loguploader (versionCode1570000275, ...
6 years ago
CVE-2024-50572 - A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), ...
7 months ago Tenable.com
CVE-2024-50557 - A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), ...
7 months ago Tenable.com
CVE-2023-45812 - The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to ...
1 year ago
CVE-2024-50561 - A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), ...
7 months ago Tenable.com
CVE-2024-50560 - A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), ...
7 months ago Tenable.com
CVE-2024-50559 - A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), ...
7 months ago Tenable.com
CVE-2024-50558 - A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), ...
7 months ago Tenable.com
Juniper releases out-of-cycle fix for max severity auth bypass flaw - Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security issue is tracked as ...
11 months ago Bleepingcomputer.com CVE-2024-2973
Juniper releases out-of-cycle fix for max severity auth bypass flaw - Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security issue is tracked as ...
11 months ago Bleepingcomputer.com CVE-2024-2973
Router maker's support portal responds with MetaMask phishing - BleepingComputer has verified that the helpdesk portal of a router maker is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise. The Canadian router manufacturer, Mercku provides ...
11 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)