cnvd - cnvd-2025-29936

CNVD-2025-29936

Vulnerability from cnvd - Published: 2025-12-03

Title

ASUS Router身份验证绕过漏洞（CNVD-2025-29936）

Description

ASUS Router是华硕公司推出的路由器产品及配套管理应用，主要用于家庭和企业网络的无线连接与管理。 ASUS Router存在身份验证绕过漏洞，该漏洞源于Samba功能意外副作用，攻击者可利用该漏洞导致未经授权的功能执行。

Severity

高

Patch Name

ASUS Router身份验证绕过漏洞（CNVD-2025-29936）的补丁

Patch Description

ASUS Router是华硕公司推出的路由器产品及配套管理应用，主要用于家庭和企业网络的无线连接与管理。 ASUS Router存在身份验证绕过漏洞，该漏洞源于Samba功能意外副作用，攻击者可利用该漏洞导致未经授权的功能执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网: https://www.asus.com/security-advisory/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-59366

Impacted products

Name
['ASUS ASUS Router 3.0.0.4_386', 'ASUS ASUS Router 3.0.0.4_388', 'ASUS ASUS Router 3.0.0.6_102']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-59366",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-59366"
    }
  },
  "description": "ASUS Router\u662f\u534e\u7855\u516c\u53f8\u63a8\u51fa\u7684\u8def\u7531\u5668\u4ea7\u54c1\u53ca\u914d\u5957\u7ba1\u7406\u5e94\u7528\uff0c\u4e3b\u8981\u7528\u4e8e\u5bb6\u5ead\u548c\u4f01\u4e1a\u7f51\u7edc\u7684\u65e0\u7ebf\u8fde\u63a5\u4e0e\u7ba1\u7406\u3002\n\nASUS Router\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eSamba\u529f\u80fd\u610f\u5916\u526f\u4f5c\u7528\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672a\u7ecf\u6388\u6743\u7684\u529f\u80fd\u6267\u884c\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51:\r\nhttps://www.asus.com/security-advisory/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-29936",
  "openTime": "2025-12-03",
  "patchDescription": "ASUS Router\u662f\u534e\u7855\u516c\u53f8\u63a8\u51fa\u7684\u8def\u7531\u5668\u4ea7\u54c1\u53ca\u914d\u5957\u7ba1\u7406\u5e94\u7528\uff0c\u4e3b\u8981\u7528\u4e8e\u5bb6\u5ead\u548c\u4f01\u4e1a\u7f51\u7edc\u7684\u65e0\u7ebf\u8fde\u63a5\u4e0e\u7ba1\u7406\u3002\r\n\r\nASUS Router\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eSamba\u529f\u80fd\u610f\u5916\u526f\u4f5c\u7528\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672a\u7ecf\u6388\u6743\u7684\u529f\u80fd\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ASUS Router\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2025-29936\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ASUS ASUS Router 3.0.0.4_386",
      "ASUS ASUS Router 3.0.0.4_388",
      "ASUS ASUS Router 3.0.0.6_102"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-59366",
  "serverity": "\u9ad8",
  "submitTime": "2025-11-27",
  "title": "ASUS Router\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2025-29936\uff09"
}

CVE-2025-59366 (GCVE-0-2025-59366)

Vulnerability from cvelistv5 – Published: 2025-11-25 07:27 – Updated: 2025-11-26 04:55

Summary

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information.

Severity ?

9.2 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-22 - Path Traversal
CWE-78 - OS Command Injection

Assigner

ASUS

References

URL

Tags

https://www.asus.com/content/security-advisory/

vendor-advisory

Impacted products

	Vendor	Product	Version
	ASUS	Router	Affected: 3.0.0.4_386 Affected: 3.0.0.4_388 Affected: 3.0.0.6_102

Credits

Nanyu Zhong of VARAS@IIE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59366",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-25T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-26T04:55:22.973Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Router",
          "vendor": "ASUS",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0.4_386"
            },
            {
              "status": "affected",
              "version": "3.0.0.4_388"
            },
            {
              "status": "affected",
              "version": "3.0.0.6_102"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:asus:router:3.0.0.4_386:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:asus:router:3.0.0.4_388:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:asus:router:3.0.0.6_102:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Nanyu Zhong of VARAS@IIE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization.\u003cbr\u003e\n\nRefer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information.\n\n\u003cbr\u003e"
            }
          ],
          "value": "An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization.\n\n\nRefer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78: OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-25T07:27:02.626Z",
        "orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
        "shortName": "ASUS"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.asus.com/content/security-advisory/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
    "assignerShortName": "ASUS",
    "cveId": "CVE-2025-59366",
    "datePublished": "2025-11-25T07:27:02.626Z",
    "dateReserved": "2025-09-15T01:36:47.356Z",
    "dateUpdated": "2025-11-26T04:55:22.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-29936

CVE-2025-59366 (GCVE-0-2025-59366)

Tags

Sightings

Nomenclature