Details of VAR-202511-2428

ID

VAR-202511-2428

CVE

CVE-2025-59366

TITLE

ASUS Router authentication bypass vulnerability (CNVD-2025-29936)

Trust: 0.6

sources: CNVD: CNVD-2025-29936

DESCRIPTION

An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information. ASUS Router is a router product and accompanying management application launched by ASUS, primarily used for wireless connectivity and management in home and enterprise networks. Attackers could exploit this vulnerability to enable unauthorized function execution

Trust: 1.44

sources: NVD: CVE-2025-59366 // CNVD: CNVD-2025-29936

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-29936

AFFECTED PRODUCTS

vendor:	asus	model:	router 3.0.0.4 386	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	router 3.0.0.4 388	scope:	-	version:	-	Trust: 0.6
vendor:	asus	model:	router 3.0.0.6 102	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2025-29936

CVSS

SEVERITY

CVSSV2

CVSSV3

54bf65a7-a193-42d2-b1ba-8e150d3c35e1:	CVE-2025-59366
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2025-29936
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-29936
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2025-29936 // NVD: CVE-2025-59366

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	CWE-22	Trust: 1.0

sources: NVD: CVE-2025-59366

PATCH

title:

Patch for ASUS Router authentication bypass vulnerability (CNVD-2025-29936)

url:

https://www.cnvd.org.cn/patchInfo/show/777156

Trust: 0.6

sources: CNVD: CNVD-2025-29936

EXTERNAL IDS

db:	NVD	id:	CVE-2025-59366	Trust: 1.6
db:	CNVD	id:	CNVD-2025-29936	Trust: 0.6

sources: CNVD: CNVD-2025-29936 // NVD: CVE-2025-59366

REFERENCES

url:	https://www.asus.com/content/security-advisory/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-59366	Trust: 0.6

sources: CNVD: CNVD-2025-29936 // NVD: CVE-2025-59366

SOURCES

db:	CNVD	id:	CNVD-2025-29936
db:	NVD	id:	CVE-2025-59366

LAST UPDATE DATE

2025-12-19T22:48:29.164000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-29936	date:	2025-12-04T00:00:00
db:	NVD	id:	CVE-2025-59366	date:	2025-11-25T22:16:16.690

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-29936	date:	2025-12-03T00:00:00
db:	NVD	id:	CVE-2025-59366	date:	2025-11-25T08:15:52.287