If you use an ASUS router at your home or business, you may be at risk! ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. This vulnerability is recorded as CVE-2024-3080 and carries a CVSS score of 9.8 out of a maximum 10.0.
Also patched is the high severity buffer overflow flaw CVE-2024-3079 (CVSS score: 7.2) that could be weaponized by remote attackers with administrative privileges to execute arbitrary commands on an Asus device.
Both the security vulnerabilities impact the following products –
- ZenWiFi XT8 version 3.0.0.4.388_24609 and earlier (Fixed in 3.0.0.4.388_24621)
- ZenWiFi XT8 version V2 3.0.0.4.388_24609 and earlier (Fixed in 3.0.0.4.388_24621)
- RT-AX88U version 3.0.0.4.388_24198 and earlier (Fixed in 3.0.0.4.388_24209)
- RT-AX58U version 3.0.0.4.388_23925 and earlier (Fixed in 3.0.0.4.388_24762)
- RT-AX57 version 3.0.0.4.386_52294 and earlier (Fixed in 3.0.0.4.386_52303)
- RT-AC86U version 3.0.0.4.386_51915 and earlier (Fixed in 3.0.0.4.386_51925)
- RT-AC68U version 3.0.0.4.386_51668 and earlier (Fixed in 3.0.0.4.386_51685)
As published by thehackernews.com:
“In a hypothetical attack scenario, a bad actor could fashion CVE-2024-3080 and CVE-2024-3079 into an exploit chain in order to sidestep authentication and execute malicious code on susceptible devices.”
Earlier this January, ASUS patched another critical vulnerability that could permit an unauthenticated remote attacker to upload arbitrary files and execute system commands on the device.
Users of affected routers are advised to update to the latest version to secure against potential threats. Stay vigilant!
Not sure what to do? Contact us and let us help!