Three critical vulnerabilities, CVE-2024-3080, CVE-2024-3079, and CVE-2024-3912, have been discovered in several Asus router models, affecting users’ security and privacy. The company has issued patches and firmware updates and urged users to apply them as soon as possible.
The first, CVE-2024-3080, is an authentication bypass vulnerability that lets remote attackers log in to affected devices without authentication, compromising the network security of the affected routers.
As noted by the Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/CC), this vulnerability has been rated 9.8 out of 10 in severity, emphasising its critical impact.
The impacted routers are as follows:
- XT8 and XT8_V2
- RT-AX88U
- RT-AX58U
- RT-AX57
- RT-AC86U (version 3.0.0.4.386_51925 and 3.0.0.4.386_51685)
In addition to CVE-2024-3080, another vulnerability, CVE-2024-3079, has been identified, affecting the same router models. This buffer overflow flaw allows remote attackers with administrative access to execute arbitrary commands on the affected routers. Although it requires prior access, it further compromises the security of these devices.
A third critical vulnerability, CVE-2024-3912, presents another severe threat, allowing remote hackers to execute commands on affected routers without any user authentication. With a severity rating of 9.8, this vulnerability affects a different set of Asus router models, including:
- DSL-N12U_C1
- DSL-N12U_D1
- DSL-N14U
- DSL-N14U_B1
- DSL-N16
- DSL-N17U
- DSL-N55U_C1
- DSL-N55U_D1
- DSL-N66U
- DSL-AC51/DSL-AC750
- DSL-AC52U
- DSL-AC55U
- DSL-AC56U
Apart from that, the CVE-2024-3912 vulnerability also impacts several discontinued Asus router models, for which no official support is available. TWCERT/CC advises owners of the following models to replace their devices immediately:
- DSL-N10_C1
- DSL-N10_D1
- DSL-N10P_C1
- DSL-N12E_C1
- DSL-N16P
- DSL-N16U
- DSL-AC52
- DSL-AC55
Asus has issued patches for the supported models and urged users to ensure their routers are running the latest firmware by visiting the support site. Furthermore, the company advises users to set a strong password for the router’s admin pages and to disable services that can be accessed from the internet, such as remote access from the WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger.
While there have been no reports of these vulnerabilities being exploited in the wild, the increasing frequency of router hijackings by nation-state actors and financially motivated cybercriminals highlights the importance of maintaining up-to-date and secure network devices.
Routers, often overlooked in home and small office setups, have become prime targets due to their critical role in network connectivity and the potential for exploitation, notes Ars Technica.
Recently, security vulnerabilities were found in Netgear’s budget-friendly router. Last month, Chalubo malware bricked more than 600,000 Sagemcom and ActionTec routers.
Furthermore, TP-Link patched an RCE flaw on one of its routers in May 2024. The trend of using compromised routers as launch points for cyberattacks is likely to continue, making proactive security measures more essential than ever.