Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely

Pierluigi Paganini November 14, 2025

ASUS fixed a critical auth-bypass flaw (CVE-2025-59367) in DSL routers that let remote, unauthenticated attackers access devices with ease.

ASUS patched a critical auth-bypass flaw, tracked as CVE-2025-59367 (CVSS score of 9.3), in multiple DSL routers that allows remote, unauthenticated attackers to easily access unpatched devices.

The vulnerability impacts the DSL-AC51, DSL-N16, and DSL-AC750 router families. The vendor released firmware version 1.1.2.3_1010 to address it.

“A security vulnerability has been identified in certain ASUS DSL Series Router,” reads the advisory. “ASUS recommends update to the latest firmware to ensure your device remains protected.”

The Taiwanese vendor recommends that customers update to the latest firmware.

For unsupported EOL models, the advice is to use strong, unique router and Wi-Fi passwords and to disable all internet-exposed services (WAN access, port forwarding, DDNS, VPN server, DMZ, port triggering, FTP).

The company recommends using strong, unique passwords (10+ chars with symbols and numbers) for Wi-Fi and router admin, avoiding reusing them, and regularly checking for firmware and security updates.
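
An added example, not from ASUS or the original article: a small inventory check that flags affected-family devices running firmware older than 1.1.2.3_1010 and EOL devices that still have the listed services enabled. The inventory schema (`host`, `model`, `firmware`, `eol`, `services`), the service key names, the prefix match on family names, and the numeric ordering of version fields are assumptions.

```python
import re

# From the article: affected families and the fixed firmware release.
AFFECTED_FAMILIES = ("DSL-AC51", "DSL-N16", "DSL-AC750")
FIXED = "1.1.2.3_1010"
# Internet-exposed services the article says to disable on EOL models
# (key names are hypothetical).
RISKY_SERVICES = {"wan_access", "port_forwarding", "ddns", "vpn_server",
                  "dmz", "port_triggering", "ftp"}

def parse_version(text):
    """'1.1.2.3_1010' -> (1, 1, 2, 3, 1010). Assumes numeric ordering."""
    parts = re.split(r"[._]", text.strip())
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def audit(device):
    """Return findings for one inventory record (hypothetical schema)."""
    findings = []
    model = device["model"].upper()
    # Prefix match treats each name as a family, so it may over-report.
    in_family = model.startswith(AFFECTED_FAMILIES)
    if device.get("eol"):
        exposed = sorted(RISKY_SERVICES & set(device.get("services", [])))
        if exposed:
            findings.append("EOL: disable " + ", ".join(exposed))
    elif in_family:
        try:
            if parse_version(device["firmware"]) < parse_version(FIXED):
                findings.append(f"update firmware to {FIXED}")
        except ValueError:
            findings.append("firmware version unreadable, verify manually")
    return findings

# Constructed sample inventory; hosts and the EOL model name are placeholders.
INVENTORY = [
    {"host": "gw-a", "model": "DSL-AC51", "firmware": "1.1.2.3_999"},
    {"host": "gw-b", "model": "DSL-N16", "firmware": "1.1.2.3_1010"},
    {"host": "gw-c", "model": "DSL-AC750", "firmware": "beta"},
    {"host": "gw-d", "model": "EXAMPLE-EOL-MODEL", "firmware": "1.0.0.1_100",
     "eol": True, "services": ["ftp", "ddns", "upnp"]},
]

def report(inventory=INVENTORY):
    """Map host -> findings, omitting devices with nothing to fix."""
    return {d["host"]: audit(d) for d in inventory if audit(d)}

if __name__ == "__main__":
    for host, items in report().items():
        print(host, "->", "; ".join(items))
```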

Networking devices such as ASUS routers are a prime target of botnets. In May 2025, GreyNoise researchers warned of a new AyySSHush botnet that compromised over 9,000 ASUS routers, adding a persistent SSH backdoor.
