ASUS releases patches for critical vulnerabilities in routers
ASUS has patched three critical vulnerabilities in its routers. One of the vulnerabilities allowed malicious parties to bypass authentication on the routers remotely. Some older models will no longer receive patches for a particular vulnerability.
ASUS writes on its website that it has released security updates for vulnerabilities CVE-2024-3079 and CVE-2024-3080. The updates are available for the following Wi-Fi routers: ZenWifi XT8, ZenWifi XT8_V2, RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, RT-AC68U.
Vulnerability CVE-2024-3080 received a CVSS score of 9.8. This vulnerability allows attackers to remotely bypass authentication on ASUS routers and log in. CVE-2024-3079 received a CVSS score of 7.2. This vulnerability is a buffer overflow that requires access to the admin account. ASUS recommends that customers with the aforementioned routers perform a firmware update. If that is not possible, the manufacturer recommends using strong account and Wi-Fi passwords and disabling certain network functions of the routers.
The Taiwan Computer Emergency Response Team, TWCERT for short, has also reported CVE-2024-3912. This vulnerability has been given a CVSS score of 9.8 and allows remote execution of unauthorized system commands via arbitrary firmware. Vulnerability CVE-2024-3912 was found in the following ASUS devices: DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U, DSL-N12U_C1, DSL-N12U_D1, DSL-N14U, DSL-N14U_B1, DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U and DSL-AC56U. These devices have also received a firmware update. The vulnerability was also found in DSL-N10_C1, DSL-N10_D1, DSL-N10P_C1, DSL-N12E_C1, DSL-N16P, DSL-N16U, DSL-AC52, DSL-AC55. However, these devices are end-of-life and will no longer receive a patch via a firmware update. TWCERT therefore recommends replacing these devices.