Information:
ASUS Routers with AiCloud are various wireless router models from ASUS that come equipped with the built-in ASUS AiCloud feature.
ASUS AiCloud is a technology that allows you to easily create a personal cloud by connecting a USB storage device to the USB port of a supported ASUS router. You can then access, share, and manage your files from anywhere with an internet connection via the ASUS AiCloud app on your smartphone or tablet, or through a web browser.
Incident:
ASUS has issued a warning about an authentication bypass vulnerability in routers with the AiCloud feature enabled, which could allow remote attackers to execute functions on the device without authorization. The vulnerability is tracked as CVE-2025-2492 and is rated Critical with a CVSS v4 score of 9.2. Attackers can exploit this flaw by sending specially crafted requests without requiring any authentication.
Recommendation:
Firmware Update series next
Because security is an important matter that we must monitor and protect against. For more details on Security solutions and services, contact the INETMS sales team at
Email: sales@inetms.co.th
References:
- https://nvd.nist.gov/vuln/detail/CVE-2025-2492
Weekly Interesting CVE
NO. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS | Detail | Solution | Reference |
---|---|---|---|---|---|---|---|---|---|
1 | CVE-2021-4455 | 19/4/2025 | 19/4/2025 | Smart Product Review plugin for WordPress version | Remote Command Execution | 9.8 | The Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | Update to version 1.0.5 or the latest version | |
2 | CVE-2025-29651 | 16/4/2025 | 17/4/2025 | TP-Link M7650 4G LTE Mobile Wi-Fi Router | SQL Injection | 9.8 | A SQL injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router, Firmware Version: 1.0.7 Build 170623 Rel.1022n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. | Update to the latest version | |
3 | CVE-2025-32434 | 18/4/2025 | 18/4/2025 | PyTorch version 2.5.1 and prior | Remote Command Execution | 9.3 | PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. | Update to version 2.6.0 or the latest version | https://www.cvedetails.com/cve/CVE-2025-32434/ |
4 | CVE-2025-3619 | 16/4/2025 | 17/4/2025 | Codecs in Google Chrome on Windows prior to 135.0.7049.95 | Heap buffer overflow | 8.8 | Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | Update to the latest version | |
5 | CVE-2025-1532 | 17/4/2025 | 17/4/2025 | Honor Phoneservice module | Code Injection | 8.1 | The Honor Phoneservice module is affected by a code injection vulnerability; successful exploitation of this vulnerability may affect service confidentiality and integrity. | Update to the latest version | https://www.cvedetails.com/cve/CVE-2025-1532/ |
Malware News or Campaign IOC/IOA
No | Campaign Name | Detection Date | Attack Type | Description | Mitigation/Remediation |
---|---|---|---|---|---|
1 | China-linked APT Mustang Panda upgrades tools in its arsenal | 17/04/2025 | Phishing, Malware | A Chinese state-sponsored hacking group known as Mustang Panda (also referred to as Camaro Dragon, RedDelta, and Bronze President) has upgraded and expanded its attack toolkit in 2025, targeting organizations across Europe, Asia, and Australia, according to Security Affairs. New Tools in Use: MQsTTang: A newly developed backdoor that uses the MQTT protocol for communication with command-and-control (C2) servers, making it more evasive and difficult to detect. (Source: Security Affairs) ToneShell (New Version): An improved backdoor with modifications in the FakeTLS protocol and in how the client identifier is generated. (Source: The Hacker News) StarProxy: A tool designed for lateral movement within internal networks, allowing attackers to expand their reach inside the victim’s environment. (Source: SC Media) PAKLOG and CorKLOG: Two new keyloggers that use encryption and data-hiding techniques to steal keystrokes and clipboard data. (Source: Zscaler) SplatCloak: A driver designed to evade detection by endpoint detection and response (EDR) systems by disabling alerts related to Windows Defender and Kaspersky. (Source: Zscaler) Attack Targets: Mustang Panda is targeting government entities, policy and research groups, and NGOs in several countries, including Taiwan, Myanmar, Mongolia, and Hong Kong. The group often uses malicious documents disguised as legitimate international reports—such as EU publications on the Ukraine war—to trick victims into opening infected files. | |
06 May 2025