ASUS has released an emergency firmware update to remediate CVE-2025-59367, a critical authentication bypass in several DSL router models. If exposed to the internet, a remote attacker could gain full administrative control without a password. Users are urged to patch immediately.
What happened: critical authentication bypass in ASUS DSL routers
According to ASUS, affected devices contain a flaw that enables authentication bypass on management services. In practical terms, an attacker who can reach the router’s WAN-accessible interface can interact with administrative functions without valid credentials. No user interaction is required; the only prerequisite is external reachability of the management or other network services.
Affected models and fixed firmware version
The issue impacts DSL-AC51, DSL-N16, and DSL-AC750. ASUS has published firmware version 1.1.2.3_1010, which closes the authentication bypass path and hardens embedded management services. Users should verify the exact model and build number before applying the update and obtain firmware only from ASUS’s official support portal.
Why the risk is high: remote device takeover without a password
This class of bug is especially dangerous for SOHO gear because it combines remote reachability, no user interaction, and a bypass of password checks. Similar router vulnerabilities have been rapidly weaponized in the past for botnets such as Mirai and Mozi, as well as in more sophisticated campaigns like VPNFilter, where compromised devices facilitated espionage, traffic proxying, and lateral movement. Security telemetry from organizations such as CISA, Shadowserver, and GreyNoise consistently shows that widespread scanning for newly disclosed router flaws often begins shortly after advisories are published, increasing the likelihood of opportunistic compromise.
Immediate mitigations if you cannot update right away
If patching is not immediately possible, temporarily disable any service reachable from the internet: WAN remote management, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP. Use unique, strong passwords for the admin console and Wi‑Fi, and avoid reusing credentials across services. Check for updates frequently until you can apply firmware 1.1.2.3_1010.
Hardening recommendations to reduce exposure
Limit access to the admin interface strictly to the local network or a small allowlist of trusted IP addresses. Disable UPnP and WPS if not explicitly required. Enable the device firewall and prefer HTTPS for management. Isolate IoT devices on a separate guest SSID and enforce WPA2/WPA3 encryption. Periodically verify that management ports are not exposed to the internet by checking your external perimeter with reputable scanners or your ISP’s tools.
Assessing exposure and preparing for the upgrade
Confirm that the web admin interface and services like Telnet/SSH or FTP are not reachable from the WAN. If the router is ISP-supplied or managed, coordinate the update with the provider’s support team. Before upgrading, back up your configuration. After applying firmware 1.1.2.3_1010, re-check administrative settings to ensure remote access features did not revert to permissive defaults.
Why fast patching matters for SOHO routers
Internet-facing networking gear is a prime target for automated scanners and botnets. IPv4-wide scanning is trivial for attackers and reduces the time between disclosure and exploitation. Industry reports routinely document exploitation attempts beginning within hours to days of public advisories. Promptly applying vendor updates, minimizing the attack surface, and enforcing strong authentication are the most effective controls to disrupt this kill chain.
CVE-2025-59367 is a clear reminder that routine cyber hygiene—rapid patching, least-exposed configurations, and robust credentials—materially lowers risk. Owners of DSL-AC51, DSL-N16, and DSL-AC750 should install firmware 1.1.2.3_1010 without delay, disable unnecessary WAN-facing services, and tighten access to the admin console. These steps significantly reduce the chance of device takeover and help prevent your router from being weaponized against your own network or others.
