Tech News
← Back to articles

ASUS warns of critical auth bypass flaw in DSL series routers

2025-11-14 | original
read original related products more articles

ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models.

Tracked as CVE-2025-59367, this vulnerability allows remote, unauthenticated attackers to log into unpatched devices exposed online in low-complexity attacks that don't require user interaction.

ASUS has released firmware version 1.1.2.3_1010 to address this vulnerability for DSL-AC51, DSL-N16, and DSL-AC750 router models.

"An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system," ASUS explains.

"ASUS recommends update to the latest firmware to ensure your device remains protected. Download and install the latest firmware version 1.1.2.3_1010 for your device from the ASUS support page or your product page at ASUS Networking."

While the Taiwanese electronics manufacturer only mentions three affected router models, it also provides mitigation measures for users who can't immediately update their devices or have end-of-life models that will not receive firmware updates.

To block potential attacks without patching the routers, users are advised to disable any services accessible from the Internet, including remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.

ASUS also recommends taking additional measures to secure routers and reduce the attack surface, including using complex passwords for the router administration page and wireless networks, regularly checking for security updates and new firmware, and avoiding the reuse of credentials.

While there are no reports of active exploitation, it is strongly recommended to install the latest firmware as soon as possible, as attackers commonly target router flaws to infect devices with botnet malware, which they then use in DDoS attacks.

For instance, in June, CISA added two older security flaws impacting ASUS RT-AX55 (CVE-2023-39780) and ASUS GT-AC2900 (CVE-2021-32030) routers to its catalog of actively exploited vulnerabilities.

... continue reading

Related:
Nintendo says it has 'no intention' of blocking third-party Switch 2 docks following firmware update that stopped them from working — accessory makers scramble to deploy workaround
Why Fei-Fei Li and Yann LeCun Are Both Betting on "World Models"
A Chinese AI model taught itself basic physics — what discoveries could it make?
Baidu unveils proprietary ERNIE 5 beating GPT-5 performance on charts, document understanding and more
OpenAI’s new LLM exposes the secrets of how AI really works

© 2025 GoKawiil