CVE-2025-59367
published 2025-11-13CVE-2025-59367: An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the…
PriorityP272critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.81%
52.4th percentile
An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asus | dsl-ac51 | — | — |
| asus | dsl-ac51_firmware | < 1.1.2.3_1010 | 1.1.2.3_1010 |
| asus | dsl-ac750 | — | — |
| asus | dsl-ac750_firmware | < 1.1.2.3_1010 | 1.1.2.3_1010 |
| asus | dsl-n16 | — | — |
| asus | dsl-n16_firmware | < 1.1.2.3_1010 | 1.1.2.3_1010 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2025-59367 is an authentication bypass requiring no user interaction and no privileges — detect unauthenticated login attempts against ASUS DSL-series router admin interfaces exposed on WAN ↗
- →Affected models for CVE-2025-59367 are DSL-AC51, DSL-N16, and DSL-AC750 — scope detection and asset inventory to these specific ASUS DSL router models ↗
- →In the broader WrtHug campaign context, watch for replacement of the default ASUS-generated self-signed TLS certificate on router services with a new self-signed certificate having a 100-year lifetime — a key IOC for compromise ↗
- ·Patched firmware version is 1.1.2.3_1010 — devices not yet on this version for DSL-AC51, DSL-N16, and DSL-AC750 remain vulnerable to CVE-2025-59367 ↗
- ·If patching is not immediately possible, ASUS advises disabling all WAN-facing services as a mitigation — remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP should all be disabled ↗
- ·End-of-life devices that will not receive the firmware update have no vendor-supported patch path; disabling internet-facing services or replacing the device is the only mitigation ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
New WrtHug campaign hijacks thousands of end-of-life ASUS routers
blogs_bleepingcomputer·2025-11-19·CVSS 8.8
[HIGH] New WrtHug campaign hijacks thousands of end-of-life ASUS routers
## New WrtHug campaign hijacks thousands of end-of-life ASUS routers
## Bill Toulas
Thousands of ASUS WRT routers, mostly end-of-life or outdated devices, have been hijacked in a global campaign called Operation WrtHug that exploits six vulnerabilities.
Over the past six months, scanners looking for ASUS devices compromised in Operation WrtHug identified "roughly 50,000 unique IPs" around the globe.
Most of the compromised devices have IP addresses located in Taiwan, while others are distributed across Southeast Asia, Russia, Central Europe, and the United States.
Notably, there are no observed infections within China, which may indicate a threat actor from this country, but researchers found insufficient evidence for high-confidence attribution.
According to SecurityScorecard’s STRI
Bleepingcomputer
ASUS warns of critical auth bypass flaw in DSL series routers
blogs_bleepingcomputer·2025-11-14·CVSS 9.3
CVE-2025-59367 [CRITICAL] ASUS warns of critical auth bypass flaw in DSL series routers
## ASUS warns of critical auth bypass flaw in DSL series routers
## Sergiu Gatlan
ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models.
Tracked as CVE-2025-59367 , this vulnerability allows remote, unauthenticated attackers to log into unpatched devices exposed online in low-complexity attacks that don't require user interaction.
ASUS has released firmware version 1.1.2.3_1010 to address this vulnerability for DSL-AC51, DSL-N16, and DSL-AC750 router models.
"An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system," ASUS explains .
"ASUS recommends update to the latest firmware to ensure your devi
2025-11-13
Published