Key Takeaways

  1. ASUS routers are under threat from the "AyySSHush" campaign, with attackers exploiting vulnerabilities for persistent SSH backdoors.
  2. A zero-click remote code execution flaw in ASUS DriverHub and hardcoded admin credentials in MyASUS/RMA expose sensitive user information.
  3. ASUS's response to vulnerabilities, including patches, lacks effective bug bounty programs to encourage better security practices.
  4. Armory Crate has kernel-level vulnerabilities that allow low-level hardware access, and it tends to reinstall itself, posing ongoing risks.
  5. Users should proactively update firmware, remove unnecessary ASUS utilities, and disable bloatware features to reduce security risks.

Gamers Nexus highlights four key security threats: ASUS routers, DriverHub, MyASUS/RMA, and Armory Crate. The “AyySSHush” campaign, also known as Ace Hush, is particularly targeting ASUS routers. GreyNoise’s analysis indicates that attackers are employing brute-force techniques, bypassing authentication, exploiting CVE‑2023‑39780 for command injection, and leveraging ASUS’s built-in AiProtection settings to implant SSH backdoors in non-volatile memory. This means these backdoors persist even after reboots and firmware updates. As a result, there are urgent calls for users to update their firmware and perform factory resets.

Security Vulnerabilities Found

Security researcher Paul “Mr. Bruh,” mentioned by Gamers Nexus, uncovered a zero-click remote code execution flaw in ASUS DriverHub, along with hardcoded admin credentials in MyASUS and the RMA portal. This vulnerability exposes sensitive user information, including names, birthdates, addresses, and phone numbers. Even though ASUS released patches in May 2025, Gamers Nexus criticizes the response as mere acknowledgements, lacking any substantial bug bounty programs to incentivize further security improvements.

Ongoing Risks with Armory Crate

Cisco Talos researcher Marson Icewall Noga has also reported two kernel-level vulnerabilities in Armory Crate’s ASIO3 driver, which allow for physical memory mapping and access to low-level hardware. Despite available security updates, Gamers Nexus warns that Armory Crate tends to reinstall itself through BIOS settings and Windows firmware updates, functioning like elevated-risk bloatware. The suggestion is clear: users should uninstall any non-essential ASUS utilities, turn off BIOS installation options, and ensure their firmware is up-to-date.

Gamers Nexus argues that ASUS’s ongoing release of motherboard-level utilities, combined with neglected software and router vulnerabilities, creates a dangerously large attack surface. Users need to take action by proactively removing risky applications, disabling bloatware features, and updating their router and system firmware right away—especially since some vulnerabilities continue to be active despite official patches.

Source: Link

Filed under — Computers