Asus Router
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Asus Router.
By the Year
In 2026 there have been 1 vulnerability in Asus Router. Last year, in 2025 Router had 9 security vulnerabilities published. Right now, Router is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 0.00 |
| 2025 | 9 | 0.00 |
It may take a day or so for new Router vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Asus Router Security Vulnerabilities
ASUS Router Web UI CSRF Enables Authenticated Privilege Actions
CVE-2025-15101
- March 26, 2026
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to execute system commands through unintended mechanisms. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Session Riding
ASUS Router Firmware Path Traversal for Authenticated File Write
CVE-2025-59372
- November 25, 2025
A path traversal vulnerability has been identified in certain router models. A remote, authenticated attacker could exploit this vulnerability to write files outside the intended directory, potentially affecting device integrity. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Directory traversal
AUTH Bypass in Asus Router IFTTT Integration Remote Auth Attacker Access
CVE-2025-59371
- November 25, 2025
An authentication bypass vulnerability has been identified in the IFTTT integration feature. A remote, authenticated attacker could leverage this vulnerability to potentially gain unauthorized access to the device. This vulnerability does not affect Wi-Fi 7 series models. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Use of Insufficiently Random Values
Command Injection in ASUS bwdpi Router Firmware
CVE-2025-59370
- November 25, 2025
A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Shell injection
CVE-2025-59369: Authenticated SQLi in bwdpi of ASUS Router
CVE-2025-59369
- November 25, 2025
A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized data access. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
SQL Injection
Integer Underflow in Aicloud (ASUS Router) Enables DoS
CVE-2025-59368
- November 25, 2025
An integer underflow vulnerability has been identified in Aicloud. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Integer underflow
ASUS Router WebDAV Path Traversal VULN Affects Device Integrity
CVE-2025-12003
- November 25, 2025
A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Missing Authentication for Critical Function
Auth Stack Buffer Overflow in ASUS Router Firmware
CVE-2025-59365
- November 25, 2025
A stack buffer overflow vulnerability has been identified in certain router models. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
Stack Overflow
Auth Bypass in ASUS AiCloud via Samba Functionality
CVE-2025-59366
- November 25, 2025
An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information.
Directory traversal
ASUS AiCloud Improper Auth Flaw
CVE-2025-2492
- April 18, 2025
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.
Authentication Bypass Using an Alternate Path or Channel
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Asus Router or by Asus? Click the Watch button to subscribe.
