Technology

Critical Security Flaws Uncovered in ASUS Devices: Are You at Risk?

2025-07-18

Author: Emily

Danger Lurking in Your ASUS Devices!

Gamers Nexus has unearthed alarming vulnerabilities across several ASUS products that could leave users exposed to cyberattacks. Four primary threats have been identified: ASUS routers, DriverHub, MyASUS/RMA, and Armory Crate. Notably, the malicious campaign dubbed ‘AyySSHush’ is targeting ASUS routers directly.

Brute Force, Backdoors, and Bloatware—Oh My!

Cybersecurity researchers from GreyNoise have revealed that hackers are employing brutal tactics such as brute-force attacks, authentication bypasses, and a serious CVE-2023-139780 command injection to implant SSH backdoors into the non-volatile memory of affected routers. This exploit does not just persist through reboots—it dodges firmware updates as well. The urgent advice? Update your firmware and perform factory resets immediately!

New Zero-Click Vulnerabilities Exposed!

Security guru Paul ‘Mr. Bruh’ has raised the alarm about a zero-click remote code execution vulnerability within ASUS DriverHub. As if that's not enough, hardcoded admin credentials in MyASUS and the RMA portal could expose sensitive user information including names, birthdays, addresses, and phone numbers to attackers. Although ASUS implemented some patches in May 2025, Gamers Nexus critiques these efforts as too little, too late—offering mere token acknowledgments without meaningful bug bounty incentives.

Kernel-Level Exploits Invite More Trouble!

In another unsettling discovery, researcher Marson Icewall Noga from Cisco Talos revealed two kernel-level exploits lurking in Armory Crate’s ASIO3 driver. These vulnerabilities offer low-level hardware access and allow for physical memory mapping. Even after security updates, there’s still reason for concern: Armory Crate tends to reinstall itself through BIOS settings and Windows firmware updates, effectively acting as a form of elevated-risk bloatware.

Your Action Plan: Stay Secure!

Gamers Nexus emphasizes the need for immediate action. ASUS’s continued release of motherboard-level utilities, paired with overlooked software and router vulnerabilities, creates a dangerous attack surface. Users are strongly advised to uninstall non-essential ASUS tools, disable any bloatware mechanisms, and ensure that firmware is current. The time to act is now—your security depends on it!