Originally published at ssojet

Major cloud platforms targeted by TRIPLESTRENGTH hacking operation. (Adobe Stock)

Image courtesy of Cyber Risk Alliance

ASUS has identified a critical vulnerability in several router models that utilize the AiCloud feature, tracked as CVE-2025-2492. This flaw enables remote attackers to bypass authentication controls and perform unauthorized functions on affected devices. The vulnerability arises from inadequate authentication mechanisms in specific firmware versions, making devices susceptible to crafted requests sent over the internet. The affected firmware series includes 3.0.0.4_382, 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102.

ASUS has released patches for the vulnerable models, and users are strongly encouraged to update their firmware via the official ASUS support page. For those unable to update immediately, ASUS recommends disabling AiCloud and turning off any services exposed to the internet, such as WAN remote access, DDNS, VPN servers, and FTP. Strengthening login credentials is also advisable to mitigate potential security risks.

While there are no confirmed instances of active exploitation, the vulnerability's high CVSS score of 9.2 indicates its potential severity. Users must act promptly to secure their devices and networks, especially if they utilize cloud connectivity features that can expose them to threats.

Security Recommendations for Users

ASUS

Image courtesy of Bleeping Computer

ASUS strongly advises users to adopt the following measures to protect their networks:

  • Update Firmware: Ensure that you are running the latest firmware available for your router model. For guidance on applying firmware updates, refer to the ASUS firmware update instructions.
  • Disable AiCloud: For those using end-of-life router models, it is recommended to completely disable AiCloud functionality until a firmware update can be applied.
  • Change Passwords: Use strong, unique passwords for both your Wi-Fi network and router admin page. These passwords should be a minimum of 10 characters and include a mix of letters, numbers, and symbols to enhance security.
  • Turn Off Exposed Services: Disable any services that can be accessed from the internet, such as remote access from WAN, port forwarding, DMZ, and FTP services.

For ongoing security, users should regularly monitor their router settings and device security advisories.

Finding Affected ASUS Routers

ASUS has provided guidance for identifying potentially vulnerable devices within your network. Users can utilize tools such as runZero to locate systems running the vulnerable firmware. By executing the following query in the Assets Inventory, users can find affected models:

os:="Asus AsusWRT 382" OR os:="Asus AsusWRT 386" OR os:="Asus AsusWRT 388" OR os:="Asus AsusWRT 102"

This proactive approach helps in identifying and mitigating risks associated with the vulnerability.

Importance of Authentication Solutions

For enterprises reliant on secure access and user management, implementing robust authentication solutions is critical. Solutions like Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Passkey integration are essential in safeguarding user identities and preventing unauthorized access.

SSOJet's API-first platform offers comprehensive SSO solutions, featuring directory sync, SAML, OIDC, and magic link authentication. These services ensure that organizations can effectively manage user identities while maintaining compliance with security standards.

By prioritizing strong authentication methods, businesses can significantly reduce their risk of data breaches while enhancing user experience.

For further details on how to implement secure SSO and user management tailored for enterprise clients, explore SSOJet's services or contact us for more information.