ASUS has recently issued urgent firmware updates for several router models to address critical security vulnerabilities.

Description

ASUS has released urgent firmware updates for several router models to address critical security vulnerabilities. One of these vulnerabilities, an authentication bypass flaw (CVE-2024-3080) [2] [3], allows remote attackers to gain control without authentication [4] [5]. Additionally, a buffer overflow vulnerability (CVE-2024-3079) enables remote hackers with administrative access to execute commands [4], and another critical vulnerability (CVE-2024-3912) allows remote execution of commands without authentication [4]. The impacted router models include ZenWiFi XT8 [1] [4], RT-AX88U [1] [2] [3] [4], RT-AX58U [1] [2] [3] [4], RT-AX57 [1] [2] [3] [4], RT-AC86U [1] [2] [3] [4], and RT-AC68U [1] [2] [3] [4]. ASUS had already patched the CVE-2024-3912 vulnerability in January, which allowed unauthenticated remote attackers to upload arbitrary files and execute system commands [2] [3]. Some ASUS router models will not receive security updates due to reaching their end-of-life [5]. Users are strongly advised to update to the latest firmware version to protect against potential threats [2] [3]. ASUS also recommends setting strong passwords, regularly updating firmware [4], and disabling services reachable from the Internet for enhanced security. Owners of unsupported models are encouraged to consider replacing their devices.

Conclusion

It is crucial for users to update their ASUS router firmware to the latest version to mitigate the risks posed by these critical security vulnerabilities. Failure to do so could result in unauthorized access and potential exploitation by malicious actors. Additionally, users should follow best practices such as setting strong passwords and regularly updating firmware to enhance the security of their devices. For owners of unsupported models [4], it may be necessary to consider replacing their devices to ensure continued protection against security threats.

References

[1] https://securityonline.info/asus-issues-critical-security-update-for-router-vulnerability-cve-2024-3080-cvss-9-8/
[2] https://thehackernews.com/2024/06/asus-patches-critical-authentication.html
[3] https://www.redpacketsecurity.com/asus-patches-critical-authentication-bypass-flaw-in-multiple-router-models/
[4] https://arstechnica.com/security/2024/06/high-severity-vulnerabilities-affect-a-wide-range-of-asus-router-models/
[5] https://cyber.vumetric.com/security-news/2024/06/15/asus-warns-of-critical-remote-authentication-bypass-on-7-routers/