Hackers could easily exploit one of those bugs to access users' web-based control panels and change their security settings. If the user isn't exactly tech-savvy, someone with malicious intentions doesn't even have to hack the device. He simply has to use ASUS' default log-in credentials: username "admin" and password "admin."
ASUS' AiCloud and AiDisk services also suffered from critical security vulnerabilities. AiCloud allows people to attach a USB hard drive to their routers and use it as a cloud service, while AiDisk gives users a way to connect to those USB drives via FTP. They're both supposed to keep a user's data secure, but in February 2014, hackers exploited their flaws to gain access to 12,900 customers' storage devices. Further, a bug in ASUS' system prevented customers' devices from detecting and accessing the latest firmware that had patches to fix those issues.
That's why (besides having to subject itself to audits for the next 20 years) ASUS also had to promise to notify users of the latest updates and to send them instructions on how they can protect themselves. The company can't make misleading promises about its products' security, as well. ASUS has to pay $16,000 for every violation -- it's not that big for a multinational corporation, but we hope it's big enough to make the company keep its promises.
[Image credit: Kārlis Dambrāns/Flickr]