Search criteria
2 vulnerabilities found for DSL-AC51 by ASUS
CVE-2025-59367 (GCVE-0-2025-59367)
Vulnerability from cvelistv5 – Published: 2025-11-13 02:09 – Updated: 2025-11-14 04:55
VLAI?
Summary
An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information.
Severity ?
CWE
- CWE-288 - Authentication Bypass by Alternate Path or Channel
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T04:55:37.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.asus.com/security-advisory"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DSL-AC51",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "Before 1.1.2.3_1010"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "Before 1.1.2.3_1010"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC750",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "Before 1.1.2.3_1010"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the \u0027Security Update for DSL Series Router\u0027 section on the ASUS Security Advisory for more information.\u003cbr\u003e"
}
],
"value": "An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the \u0027Security Update for DSL Series Router\u0027 section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass by Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T02:09:55.309Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.asus.com/security-advisory"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2025-59367",
"datePublished": "2025-11-13T02:09:55.309Z",
"dateReserved": "2025-09-15T01:36:47.357Z",
"dateUpdated": "2025-11-14T04:55:37.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3912 (GCVE-0-2024-3912)
Vulnerability from cvelistv5 – Published: 2024-06-14 09:29 – Updated: 2024-08-01 20:26
VLAI?
Title
ASUS Router - Upload arbitrary firmware
Summary
Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.
Severity ?
9.8 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | DSL-N17U |
Affected:
earlier , < 1.1.2.3_792
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:asus:dsl-n55u_d1_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n17u_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n55u_c1_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n66u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "dsl-n66u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "1.1.2.3_792",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:dsl-n14u_b1:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n14u_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n12u_c1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "dsl-n12u_c1_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "1.1.2.3_807",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:dsl-ac56u_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac55u_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac52u_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac750_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac51_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n16p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n10p_c1_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n10_d1_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac52_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac55_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "dsl-ac55_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "1.1.2.3_999",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:dsl-n16p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n10p_c1_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n10_d1_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac52_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n16_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n12e_c1_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n10_c1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dsl-n10_c1_firmware",
"vendor": "asus",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T03:55:21.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7875-872d3-1.html"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DSL-N17U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_792",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N55U_C1",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_792",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N55U_D1",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_792",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N66U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_792",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N12U_C1",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_807",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N12U_D1",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_807",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N14U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_807",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N14U_B1",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_807",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N16",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_999",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC51",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_999",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC750",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_999",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC52U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_999",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC55U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_999",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC56U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_999",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N10_C1",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N10_D1",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N10P_C1",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N12E_C1",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N16P",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N16U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC52",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC55",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2024-06-14T09:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device."
}
],
"value": "Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-17",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-17 Using Malicious Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T10:57:26.604Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7875-872d3-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update following models to version 1.1.2.3_792 or later\uff1a\u003cbr\u003eDSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U\u003cbr\u003e\u003cbr\u003eUpdate following models to version 1.1.2.3_807 or later\uff1a\u003cbr\u003eDSL-N12U_C1, DSL-N12U_D1, DSL-N14U, DSL-N14U_B1\u003cbr\u003e\u003cbr\u003eUpdate following models to version 1.1.2.3_999 or later\uff1a\u003cbr\u003eDSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56U\u003cbr\u003e\u003cbr\u003eThe following models are no longer maintained, and it is recommended to retire and replace them.\u003cbr\u003eDSL-N10_C1, DSL-N10_D1, DSL-N10P_C1, DSL-N12E_C1, ,DSL-N16P, DSL-N16U, DSL-AC52, DSL-AC55\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf replacement is not possible in the short term, it is recommended to disable remote access (Web access from WAN), virtual servers (Port forwarding), DDNS, VPN server, DMZ, and port trigger.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update following models to version 1.1.2.3_792 or later\uff1a\nDSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U\n\nUpdate following models to version 1.1.2.3_807 or later\uff1a\nDSL-N12U_C1, DSL-N12U_D1, DSL-N14U, DSL-N14U_B1\n\nUpdate following models to version 1.1.2.3_999 or later\uff1a\nDSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56U\n\nThe following models are no longer maintained, and it is recommended to retire and replace them.\nDSL-N10_C1, DSL-N10_D1, DSL-N10P_C1, DSL-N12E_C1, ,DSL-N16P, DSL-N16U, DSL-AC52, DSL-AC55\n\n\nIf replacement is not possible in the short term, it is recommended to disable remote access (Web access from WAN), virtual servers (Port forwarding), DDNS, VPN server, DMZ, and port trigger."
}
],
"source": {
"advisory": "TVN-202406011",
"discovery": "EXTERNAL"
},
"title": "ASUS Router - Upload arbitrary firmware",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-3912",
"datePublished": "2024-06-14T09:29:00.161Z",
"dateReserved": "2024-04-17T07:06:03.258Z",
"dateUpdated": "2024-08-01T20:26:57.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}