469/68 Monday, November 17, 2025
ASUS has released an update to fix a critical vulnerability identified as CVE-2025-59367 (CVSS 9.3), an authentication bypass flaw that allows remote attackers to access unpatched routers without authentication. The vulnerability affects the following DSL router models: DSL-AC51, DSL-N16, and DSL-AC750. ASUS has issued firmware version 1.1.2.3_1010 to address the issue and strongly recommends users update their devices immediately to ensure security.
ASUS also advises users of End-of-Life (EOL) router models to set strong, unique passwords for both Wi-Fi and the router’s admin interface, and to disable all externally exposed services (such as WAN Access, Port Forwarding, DDNS, VPN Server, DMZ, Port Triggering, FTP) to minimize attack surface. Users should also regularly check for firmware updates, as networking devices-especially ASUS routers-are frequent targets for botnets.
In May 2025, researchers at GreyNoise reported a widespread botnet campaign called AyySSHush, which compromised over 9,000 ASUS routers by installing an SSH backdoor. This highlights the importance of keeping firmware updated and disabling unnecessary services to prevent similar intrusions.
