146/68 Monday, April 21, 2025
ASUS has issued a security advisory regarding a critical vulnerability in its routers that have the AiCloud feature enabled, tracked as CVE-2025-2492 with a CVSS severity score of 9.2. The flaw stems from improper authentication control, potentially allowing unauthorized remote attackers to take control of the router’s functions.
To mitigate the risk, ASUS has released firmware updates addressing the issue in the following versions:
- 3.0.0.4_382
- 3.0.0.4_386
- 3.0.0.4_388
- 3.0.0.6_102
ASUS strongly recommends users to update to the latest firmware immediately. Additionally, users should set strong, unique passwords for both Wi-Fi and the admin interface, with at least 10 characters, including uppercase letters, numbers, and symbols.
For users unable to update due to unsupported or End-of-Life (EoL) devices, ASUS advises taking the following precautionary steps:
- Change all default passwords to strong ones
- Disable internet-exposed services such as AiCloud, Remote Access, Port Forwarding, VPN Server, and FTP
These measures are crucial to minimize the risk of remote exploitation and protect the network from potential intrusions.
Source https://thehackernews.com/2025/04/asus-confirms-critical-flaw-in-aicloud.html
