ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models.
Tracked as CVE-2025-59367, this vulnerability allows remote, unauthenticated attackers to log into unpatched devices exposed online in low-complexity attacks that don't require user interaction.
ASUS has released firmware version 1.1.2.3_1010 to address this vulnerability for DSL-AC51, DSL-N16, and DSL-AC750 router models.
"An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system," ASUS explains.
"ASUS recommends update to the latest firmware to ensure your device remains protected. Download and install the latest firmware version 1.1.2.3_1010 for your device from the ASUS support page or your product page at ASUS Networking."
While the Taiwanese electronics manufacturer only mentions three affected router models, it also provides mitigation measures for users who can't immediately update their devices or have end-of-life models that will not receive firmware updates.
To block potential attacks without patching the routers, users are advised to disable any services accessible from the Internet, including remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.
ASUS also recommends taking additional measures to secure routers and reduce the attack surface, including using complex passwords for the router administration page and wireless networks, regularly checking for security updates and new firmware, and avoiding the reuse of credentials.
