Home

Description

An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.

PUBLISHED Reserved 2025-03-18 | Published 2025-04-18 | Updated 2026-02-24 | Assigner ASUS




CRITICAL: 9.2CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-288: Authentication Bypass Using an Alternate Path or Channel

Product status

Default status
unaffected

3.0.0.4_382 series
affected

3.0.0.4_386 series
affected

3.0.0.4_388 series
affected

3.0.0.6_102 series
affected

Credits

Nanyu Zhong of VARAS@IIE reporter

NICTER Analysis Team of Cybersecurity Research Institute, National Institute of Information and Communications Technology reporter

References

www.asus.com/content/asus-product-security-advisory/ vendor-advisory

cve.org (CVE-2025-2492)

nvd.nist.gov (CVE-2025-2492)

Download JSON