ASUS has recently addressed a vulnerability in routers that were equipped with AiCloud, which could potentially allow unauthorized commands to be executed on the device. It is essential for users to update their routers with the latest firmware release in order to receive the patch and mitigate any potential threats.
Security Vulnerability Impacting ASUS Routers with AiCloud
ASUS routers were found to have a critical security vulnerability that posed a risk to users’ security. According to a recent advisory by ASUS, a critical authentication bypass vulnerability in routers with AiCloud enabled was patched. The vulnerability, identified as CVE-2025-2492, was rated with a CVSS score of 9.2.
ASUS described the issue in their advisory, stating that the vulnerability stemmed from improper authentication control. An attacker could exploit this flaw by sending malicious requests to the target router. Successful exploitation of the vulnerability could allow unauthorized execution of malicious functions on the device.
The company released new firmware updates (post-February 2025) for the 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102 series to address this vulnerability. Users are advised to update their devices with these patches to safeguard against potential attacks.
In addition to firmware updates, ASUS also recommended users to use strong passwords for their routers, incorporating a combination of alphanumeric and symbols. It is also suggested to use different passwords for the router administration page and the wireless network.
Recommended Steps for End-of-Life Routers
While updating router firmware is crucial for patching this vulnerability, some routers may have reached their end-of-life and are ineligible for further updates. ASUS recommends users of such routers to set up strong WiFi and login passwords, disable AiCloud, and avoid enabling services accessible from the internet such as port forwarding, port triggering, FTP, DDNS, and VPN server.
Although there have been no reports of active exploitation attempts for this vulnerability, it is important to patch and secure vulnerable routers to protect all connected devices, especially with the availability of the patch and public disclosure of the vulnerability details.
AiCloud is a cloud-based feature that allows remote access on ASUS routers, enabling users to access drives connected to the router from anywhere within the network. Beyond drive access, AiCloud can be used for file sharing, network syncing, and media streaming.
Share your thoughts in the comments below.
