Refine your search
2 vulnerabilities found for DSL-N16 by ASUS
CVE-2025-59367 (GCVE-0-2025-59367)
Vulnerability from cvelistv5
Published
2025-11-13 02:09
Modified
2026-02-26 16:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-288 - Authentication Bypass by Alternate Path or Channel
Summary
An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T04:55:37.458221Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:57:07.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.asus.com/security-advisory"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DSL-AC51",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "Before 1.1.2.3_1010"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "Before 1.1.2.3_1010"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC750",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "Before 1.1.2.3_1010"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the \u0027Security Update for DSL Series Router\u0027 section on the ASUS Security Advisory for more information.\u003cbr\u003e"
}
],
"value": "An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the \u0027Security Update for DSL Series Router\u0027 section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass by Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T02:09:55.309Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.asus.com/security-advisory"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2025-59367",
"datePublished": "2025-11-13T02:09:55.309Z",
"dateReserved": "2025-09-15T01:36:47.357Z",
"dateUpdated": "2026-02-26T16:57:07.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3912 (GCVE-0-2024-3912)
Vulnerability from cvelistv5
Published
2024-06-14 09:29
Modified
2024-08-01 20:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | DSL-N17U |
Version: earlier < 1.1.2.3_792 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:asus:dsl-n55u_d1_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n17u_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n55u_c1_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n66u_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "dsl-n66u_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "1.1.2.3_792",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:asus:dsl-n14u_b1:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n14u_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n12u_c1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "dsl-n12u_c1_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "1.1.2.3_807",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:dsl-ac56u_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac55u_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac52u_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac750_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac51_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n16p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n10p_c1_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n10_d1_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac52_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac55_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "dsl-ac55_firmware",
"vendor": "asus",
"versions": [
{
"lessThan": "1.1.2.3_999",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:asus:dsl-n16p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n10p_c1_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n10_d1_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac52_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-ac55_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n16_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n12e_c1_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:asus:dsl-n10_c1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dsl-n10_c1_firmware",
"vendor": "asus",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T03:55:21.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7875-872d3-1.html"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DSL-N17U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_792",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N55U_C1",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_792",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N55U_D1",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_792",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N66U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_792",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N12U_C1",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_807",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N12U_D1",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_807",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N14U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_807",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N14U_B1",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_807",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N16",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_999",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC51",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_999",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC750",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_999",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC52U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_999",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC55U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_999",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC56U",
"vendor": "ASUS",
"versions": [
{
"lessThan": "1.1.2.3_999",
"status": "affected",
"version": "earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N10_C1",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N10_D1",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N10P_C1",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N12E_C1",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N16P",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-N16U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC52",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DSL-AC55",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2024-06-14T09:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device."
}
],
"value": "Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-17",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-17 Using Malicious Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T10:57:26.604Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7875-872d3-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update following models to version 1.1.2.3_792 or later\uff1a\u003cbr\u003eDSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U\u003cbr\u003e\u003cbr\u003eUpdate following models to version 1.1.2.3_807 or later\uff1a\u003cbr\u003eDSL-N12U_C1, DSL-N12U_D1, DSL-N14U, DSL-N14U_B1\u003cbr\u003e\u003cbr\u003eUpdate following models to version 1.1.2.3_999 or later\uff1a\u003cbr\u003eDSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56U\u003cbr\u003e\u003cbr\u003eThe following models are no longer maintained, and it is recommended to retire and replace them.\u003cbr\u003eDSL-N10_C1, DSL-N10_D1, DSL-N10P_C1, DSL-N12E_C1, ,DSL-N16P, DSL-N16U, DSL-AC52, DSL-AC55\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf replacement is not possible in the short term, it is recommended to disable remote access (Web access from WAN), virtual servers (Port forwarding), DDNS, VPN server, DMZ, and port trigger.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update following models to version 1.1.2.3_792 or later\uff1a\nDSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U\n\nUpdate following models to version 1.1.2.3_807 or later\uff1a\nDSL-N12U_C1, DSL-N12U_D1, DSL-N14U, DSL-N14U_B1\n\nUpdate following models to version 1.1.2.3_999 or later\uff1a\nDSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56U\n\nThe following models are no longer maintained, and it is recommended to retire and replace them.\nDSL-N10_C1, DSL-N10_D1, DSL-N10P_C1, DSL-N12E_C1, ,DSL-N16P, DSL-N16U, DSL-AC52, DSL-AC55\n\n\nIf replacement is not possible in the short term, it is recommended to disable remote access (Web access from WAN), virtual servers (Port forwarding), DDNS, VPN server, DMZ, and port trigger."
}
],
"source": {
"advisory": "TVN-202406011",
"discovery": "EXTERNAL"
},
"title": "ASUS Router - Upload arbitrary firmware",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-3912",
"datePublished": "2024-06-14T09:29:00.161Z",
"dateReserved": "2024-04-17T07:06:03.258Z",
"dateUpdated": "2024-08-01T20:26:57.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}