Asus Router vulnerabilities

12 known vulnerabilities affecting asus/router.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 6, MEDIUM 4

Vulnerabilities

CVE-2025-15101 | HIGH | CVSS 8.5 | v3.0.0.6_102 | 2026-03-26
CWE-78: A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to execute system commands through unintended mechanisms. R
Sources: cvelistv5, nvd
CVE-2025-59366 | CRITICAL | CVSS 9.2 | v3.0.0.4_386, v3.0.0.4_388 +1 more | 2025-11-25
CWE-22: An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially allowing execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more inform
Sources: cvelistv5, nvd
CVE-2025-12003 | HIGH | CVSS 8.2 | v3.0.0.4_386, v3.0.0.4_388 +1 more | 2025-11-25
CWE-22: A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Sources: cvelistv5, nvd
CVE-2025-59370 | HIGH | CVSS 7.5 | v3.0.0.4_386, v3.0.0.4_388 +1 more | 2025-11-25
CWE-78: A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Sources: cvelistv5, nvd
CVE-2025-59371 | HIGH | CVSS 7.5 | v3.0.0.4_386, v3.0.0.4_388 +1 more | 2025-11-25
CWE-330: An authentication bypass vulnerability has been identified in the IFTTT integration feature. A remote, authenticated attacker could leverage this vulnerability to potentially gain unauthorized access to the device. This vulnerability does not affect Wi-Fi 7 series models. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Secu
Sources: cvelistv5, nvd
CVE-2025-59368 | MEDIUM | CVSS 6.0 | v3.0.0.4_386, v3.0.0.4_388 +1 more | 2025-11-25
CWE-191: An integer underflow vulnerability has been identified in AiCloud. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Sources: cvelistv5, nvd
CVE-2025-59365 | MEDIUM | CVSS 6.9 | v3.0.0.4_386, v3.0.0.4_388 +1 more | 2025-11-25
CWE-121: A stack buffer overflow vulnerability has been identified in certain router models. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Sources: cvelistv5, nvd
CVE-2025-59372 | MEDIUM | CVSS 6.9 | v3.0.0.4_386, v3.0.0.4_388 +1 more | 2025-11-25
CWE-22: A path traversal vulnerability has been identified in certain router models. A remote, authenticated attacker could exploit this vulnerability to write files outside the intended directory, potentially affecting device integrity. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Sources: cvelistv5, nvd
CVE-2025-59369 | MEDIUM | CVSS 5.9 | v3.0.0.4_386, v3.0.0.4_388 +1 more | 2025-11-25
CWE-89: A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized data access. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Sources: cvelistv5, nvd
CVE-2025-2492 | CRITICAL | CVSS 9.2 | v3.0.0.4_382 series, v3.0.0.4_386 series +2 more | 2025-04-18
CWE-288: An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.
Sources: cvelistv5, nvd
CVE-2024-12912 | HIGH | CVSS 7.2 | v3.0.0.4_382 series, v3.0.0.4_386 series +2 more | 2025-01-02
CWE-20: An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.
Sources: cvelistv5, nvd
CVE-2024-13062 | HIGH | CVSS 7.2 | v3.0.0.4_382 series, v3.0.0.4_386 series +2 more | 2025-01-02
CWE-77: An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.
Sources: cvelistv5, nvd