# ASUS warns of critical auth bypass flaw in DSL series routers

![](https://www.bleepstatic.com/content/hl-images/2024/06/14/asus.jpg)

ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models.

Tracked as , this vulnerability allows remote, unauthenticated attackers to log into unpatched devices exposed online in low-complexity attacks that don't require user interaction.

ASUS has released firmware version 1.1.2.3_1010 to address this vulnerability for DSL-AC51, DSL-N16, and DSL-AC750 router models.

"An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system," .

"ASUS recommends update to the latest firmware to ensure your device remains protected. Download and install the latest firmware version 1.1.2.3_1010 for your device from the ASUS support page or your product page at ASUS Networking."

While the Taiwanese electronics manufacturer only mentions three affected router models, it also provides mitigation measures for users who can't  or have end-of-life models that will not receive firmware updates.

To block potential attacks without patching the routers, users are advised to disable any services accessible from the Internet, including remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.

ASUS also recommends taking additional measures to secure routers and reduce the attack surface, including using complex passwords for the router administration page and wireless networks, regularly checking for security updates and new firmware, and avoiding the reuse of credentials.

While there are no reports of active exploitation, it is strongly recommended to install the latest firmware as soon as possible, as attackers commonly target router flaws to infect devices with botnet malware, which they then use in DDoS attacks.

For instance, in June, CISA  two older security flaws impacting ASUS RT-AX55 (CVE-2023-39780) and ASUS GT-AC2900 (CVE-2021-32030) routers to its catalog of actively exploited vulnerabilities.

As cybersecurity company GreyNoise and French cybersecurity firm Sekoia revealed at the time, "a well-resourced and highly capable adversary" tracked as  used CVE-2023-39780 and CVE-2021-32030 to  in attacks aimed at building a new botnet, tracked as .

In April, ASUS  vulnerability () in a wide range of router models with the AiCloud service enabled.

Whether you're cleaning up old keys or setting guardrails for AI-generated code, this guide helps your team build securely from the start.

Get the cheat sheet and take the guesswork out of secrets management.

	  ****
