Critical security vulnerability: Attackers can take over Asus DSL routers

If attackers exploit a "critical" security vulnerability in certain Asus DSL router models, they can gain full control over devices with relatively little effort. An update closes the vulnerability.

Locking out attackers

According to a warning from the manufacturer specifically the DSL-AC51, DSL-AC750, and DSL-N16 DSL routers are threatened. According to the description of the vulnerability (CVE-2025-59367) remote attackers can exploit the gap without authentication. The login can be bypassed in an unspecified way. How attacks could proceed in detail and whether there are already attacks is not yet known. To protect routers, owners of affected models must install firmware 1.1.2.3_1010.

Whether routers for which support (End-of-Life, EOL) has already expired are also affected is not clear from the warning. In any case, Asus provides security tips for EOL models. For example, they should not be set up for remote access via VPN, for instance, and thus be accessible from the internet. Furthermore, the manufacturer provides standard security tips on strong passwords and regularly checking for security updates.

Most recently, there were attacks on Asus routers in June of this year.

(des)