Introduction
This topic was presented at the Off-By-One Conference held in Singapore on May 8, 2025.
ASUS is one of the better-known manufacturers in the consumer electronics space, and its IoT lineup covers a wide range of products. At the same time, its router family has repeatedly drawn attention for security problems. Past cases include high-impact issues such as the cfgserver vulnerability discussed in the Tianfu Cup and an httpd authentication bypass flaw. Taken together, these incidents point to deeper weaknesses that may exist in the security design of ASUS router products.
The presentation centers on a structured analysis of the attack surface exposed by ASUS router devices. Rather than looking at single bugs in isolation, it examines how historical vulnerabilities fit into the broader security picture and what they reveal about the overall architecture.
A major part of the discussion focuses on the lighttpd component used inside the AiCloud service. This area is examined in depth to uncover potential security risks and to understand how exposed services and internal components may become part of practical attack paths.
The analysis covers multiple vulnerabilities as well as related remote code execution (RCE) chains, with attention to how these issues can be combined, what systems may be affected, and what the resulting consequences could look like in real deployments. It also includes recommendations aimed at improving security in future ASUS router designs and implementations.
Public slides
The presentation slides have been made available publicly for anyone who wants to explore the material in full.