InfoSecBulletin Cybersecurity for mankind
Hackers can exploit a vulnerability in Asus routers to execute unauthorized functions. This serious issue, rated 9.2 out of 10, has prompted the company to advise users to update the firmware of Asus routers that use AiCloud.
Asus AiCloud is a cloud storage and remote access service for ASUS routers, popular in the US, especially among gamers and tech enthusiasts.
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
“An improper authentication control vulnerability exists in certain ASUS router firmware series. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions,” Asus warns in a security advisory.
A new firmware update is available for the 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102 series.
CVE-2025-2492 is a vulnerability in the vendor’s latest networking devices. It’s uncertain if it is currently being exploited by threat actors.
“Update your router with the newest firmware,” Asus added.
The newest firmware can be found on the Asus support or relevant product pages.
Asus advises users unable to quickly update firmware or with end-of-life devices to disable AiCloud and other internet-accessible services, including remote WAN access, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.
Asus also recommends using different passwords for the wireless network and router administration page.
“Use passwords that are at least 10 characters long and contain a mix of capital letters, numbers, and symbols. Do not use the same password for more than one device or service. Do not use passwords with consecutive numbers or letters, such as 1234567890, abcdefghij, or qwertyuiop,” Asus’s advisory reads.
