- Pro
- Security
Asus fixed a critical-severity router flaw
Comments (0) ()When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
(Image credit: Shutterstock / Sashkin)
- ASUS patches CVE-2025-593656, a critical authentication-bypass flaw in AiCloud-enabled routers
- Vulnerability allows unauthenticated RCE; users urged to update firmware or disable risky services
- Update fixed nine flaws overall, highlighting routers as prime cyberattack targets
Asus has patched a critical-level vulnerability in its router firmware which could be used in remote code execution (RCE) attacks. Given the potential risk, users are advised to apply the fix immediately.
In a security advisory published, Asus said it fixed CVE-2025-593656, a critical authentication-bypass vulnerability impacting the AiCloud remote-access/cloud feature found on certain routers.
- Amazon Black Friday deals are live: here are our picks!
The problem stems from its interaction with the Samba file-sharing code which was broken and allowed unauthenticated attackers to run OS commands without valid credentials.
You may like-
DrayTek warns Vigor routers may have serious security flaws - here's what we know
-
Asus routers across the globe hit by suspected Chinese cyberattack - here's what we know
-
TP-Link reveals more hardware security issues, so patch now or be at risk
Qilin takes the blame
The bug was given a severity score of 9.2/10 (critical), and affects these firmware versions:
3.0.0.4_386
3.0.0.4_388
3.0.0.6_102
Are you a pro? Subscribe to our newsletterContact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.It is difficult to determine an exact list of affected models, but in general - any Asus router that includes and enables AiCloud, while running the affected firmware versions, is potentially vulnerable. This also includes routers that reached end-of-life status.
Users should apply the fix as soon as possible or, alternatively, disable AiCloud, Samba/file-sharing, remote WAN access, port-forwarding, and any other internet-facing services. Updating the admin password and the WiFi password to something stronger is also advised,
While definitely the most dangerous one, this is not the only flaw Asus addressed in this security update. According to the advisory, a total of 9 vulnerabilities were addressed this time, with the majority having a medium, or high-severity rating.
You may like-
DrayTek warns Vigor routers may have serious security flaws - here's what we know
-
Asus routers across the globe hit by suspected Chinese cyberattack - here's what we know
-
TP-Link reveals more hardware security issues, so patch now or be at risk
Being the gateway to all data passing through a network, the router is the primary target in many cyberattacks. Asus is one of the world’s most popular hardware manufacturers whose devices are often abused, which is why patching is considered essential. In April this year, the company fixed a separate, critical authentication bypass flaw that also affected routers with AiCloud enabled.
Furthermore, recent reports said that cybercriminals engaged in the WrtHug attacks also abused vulnerabilities found in ASUS routers.
Via BleepingComputer
The best antivirus for all budgetsOur top picks, based on real-world testing and comparisons➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
Sead FadilpašićSocial Links NavigationSead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
Logout Read more
DrayTek warns Vigor routers may have serious security flaws - here's what we know
Asus routers across the globe hit by suspected Chinese cyberattack - here's what we know
TP-Link reveals more hardware security issues, so patch now or be at risk
WD patches NAS security flaw which could have allowed full takeover
Worrying TP-Link router flaws could let botnets attack your Microsoft 365 accounts - so update now
D-Link routers under threat from dangerous flaw - here's how to stay safe
Latest in Security
Malicious Blender model files deliver StealC infostealing malware
Popular JavaScript library can be hacked to allow attackers into user accounts
Maybe don't trust every Windows Update without checking - hackers hijack images to spread dangerous malware
This devious botnet tried a trial run during the recent AWS outage - so when will it be back?
These worrying security flaws could put every major cloud provider at risk - here's what we know so far
Asahi confirms cyberattack leaked data on 1.5 million customers
Latest in News
OpenAI apologizes for big Mixpanel data breach that exposed emails and more
Claude Opus 4.5 is now live and "meaningfully better" at everyday tasks
NYT Connections hints and answers for Friday, November 28 (game #901)
NYT Strands hints and answers for Friday, November 28 (game #635)
Quordle hints and answers for Friday, November 28 (game #1404)
Marvel Rivals is having a Black Friday Blowout to celebrate the game's first anniversary – here's how it works
LATEST ARTICLES- 1Amazon Singapore's Black Friday sale is slashing prices on top-rated tech – these are my 70+ favourite deals so far
- 2After a year of using Threat Protection Pro, a NordVPN Plus plan might be the only Black Friday VPN deal I recommend
- 3These worrying security flaws could put every major cloud provider at risk - here's what we know so far
- 4OpenAI apologizes for big Mixpanel data breach that exposed emails and more
- 5Claude Opus 4.5 is now live and "meaningfully better" at everyday tasks
