• ASUS reveals critical security flaw affecting AiCloud routers, so

    From TechnologyDaily@1337:1/100 to All on Mon Apr 21 13:15:07 2025
    ASUS reveals critical security flaw affecting AiCloud routers, so patch now

    Date:
    Mon, 21 Apr 2025 12:04:00 +0000

    Description:
    There is a way for hackers to remotely run commands on the router.

    FULL STORY
    ======================================================================

    ASUS patches a 9.2-rated security flaw in certain routers
    The flaw stems from AiCloud, a personal cloud server feature
    There's no evidence of abuse yet, but users should be wary

    ASUS has released a fix for a critical-severity vulnerability affecting routers with AiCloud enabled, which could allow threat actors to execute functions on the exposed devices remotely and without authorization.

    It is tracked as CVE-2025-2492, and was given a severity score of 9.2/10 (critical). It can be exploited via a custom-tailored request.

    "This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions," the NVD page reads.

    Safeguarding the device

    AiCloud is a feature integrated into many ASUS routers that transforms the home network into a personal cloud server.

    Users can then access, stream, sync, and share files stored on USB drives connected to the router from anywhere with an internet connection.

    The flaw was found in firmware versions released after February 2025,
    meaning: 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102.

    According to CyberInsider, such features often become attractive targets for threat actors, since they expose sensitive data to the internet.

    Therefore, it would be wise not to delay deploying the patch. Depending on
    the model, there are different firmware versions that can be downloaded directly from the ASUS website.

    The flaw also affects a few devices that reached end-of-life, which should
    now have AiCloud entirely disabled. Internet access for WAN should also be disabled, as well as port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP services.

    The company did not say whether the flaw is being abused in the wild, but
    at press time, it had not been added to CISA's KEV, which is usually a good litmus test for actively exploited flaws.

    According to BleepingComputer, the critical CVSS rating implies that exploitation could have a significant impact. ASUS also told its users to use unique, strong passwords to secure their wireless networks and router administration pages.

    That means making passwords at least 10 characters long, and making them a
    mix of lowercase and uppercase letters, numbers, and special symbols.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/asus-reveals-critical-security-flaw-affecting-aicloud-routers-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)