ASUS has issued new firmware updates to fix a critical authentication bypass flaw affecting multiple DSL-series routers, warning customers that unpatched devices exposed to the internet are vulnerable to remote compromise.
The flaw, tracked as CVE-2025-59367, allows unauthenticated attackers to log into impacted routers without user interaction. ASUS said the attack is low-complexity and can be carried out remotely against devices that have not been updated.
Critical Vulnerability Allowing Remote Access to Routers Without Credentials
ASUS released firmware version 1.1.2.3_1010 for three router models—DSL-AC51, DSL-N16, and DSL-AC750—to block the authentication bypass. The company said the flaw was discovered in specific DSL-series devices that improperly validated access requests.
An ASUS advisory explained:
“An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system.”
The company urged users to immediately install the latest firmware through the ASUS support portal or the product’s Networking page, emphasizing that timely updates are essential due to the severity of the flaw.
Mitigation Guidance for Users Unable to Patch or Running End-of-Life Models
Although only three models were explicitly listed, ASUS also published security recommendations for users who cannot update their routers or still operate end-of-life hardware that will not receive firmware patches.
Those unable to apply the update are advised to disable all services accessible from the internet, including remote WAN access, port forwarding, DDNS, VPN server features, DMZ settings, port triggering, and FTP. These steps prevent attackers from reaching the router’s management interface.
ASUS further encouraged customers to harden their devices by using strong, unique passwords for administrative access and Wi-Fi networks, checking for available firmware updates regularly, and avoiding credential reuse across services.
Rising Threat of Router Exploitation for Botnets and DDoS Campaigns
While ASUS has not reported any in-the-wild exploitation of CVE-2025-59367, security experts consistently warn that router vulnerabilities are frequent targets for botnet operators. Compromised routers are commonly hijacked to build large-scale distributed denial-of-service (DDoS) networks.
Recent activity highlights this trend. In June, CISA added two older ASUS router flaws—CVE-2023-39780 and CVE-2021-32030—to its catalog of actively exploited vulnerabilities. At the time, security researchers at GreyNoise and Sekoia revealed that an advanced threat group known as Vicious Trap was abusing both vulnerabilities to backdoor thousands of ASUS routers in an operation designed to assemble a new botnet named AyySSHush.
Earlier this year, ASUS also patched another high-risk authentication bypass flaw (CVE-2025-2492) affecting a broad range of router models with the AiCloud service enabled, underscoring the consistent targeting of consumer networking hardware by threat actors.
