Multiple ASUS router models have been affected by an authentication bypass vulnerability, allowing remote takeovers. Learn more about the threat and measures for mitigation.

June 19, 2024

(Credits: Shutterstock.com)

  • ASUS has released patches for a critical flaw in multiple router models that allows threat actors to remotely take control of the devices.
  • The vulnerability, CVE-2024-3080, allows hackers to circumvent authentication procedures without any input from the end users.

ASUS has released patch updates for a critical vulnerability affecting multiple router models. This vulnerability allows threat actors to remotely take control without having access to authentication credentials or the input of end users. Following the discovery, the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) has recommended that owners of affected devices replace them.

The vulnerability, CVE-2024-3080, is an authentication bypass flaw that allows attackers to log in remotely, circumventing authentication measures. It carries a 9.8 out of 10 severity rating and affects multiple router models, including the XT8 and XT8 V2, RT-AX58U, RT-AX57, RT-AX88U, RT-AC86U, and RT-AC68U.

See More: TAG Reissues “Brand Safety” Certificate to X, Draws Ire of Industry Watchdogs

The TWCERT/CC also warned of two other vulnerabilities affecting ASUS routers, the CVE-2024-3079 and the CVE-2024-3912, which are a buffer overflow vulnerability and remote command execution flaw, respectively. The latter affects the DSL-N12U C1, DSL-N12U D1, DSL-N14U, DSL-N14U B1, DSL-N16, DSL-N17U, DSL-N55U C1, DSL-N55U D1, DSL-N66U, DSL-AC51/DSL-AC750, DSL-AC52U, DSL-AC55U, and DSL-AC56U models.

ASUS has released security patches for these flaws and urged device owners to check for the latest firmware. Users are also recommended to set strong, unique passwords for router administration pages and wireless networks, while cutting services accessible via the internet, such as WAN remote access, port forwarding and trigger, VPN, and DDNS.

The vulnerabilities’ discovery revealed hackers’ increased use of routers to obfuscate their trails, especially with the larger resources of nation-state actors, and the need for measures to mitigate such threats.

LATEST NEWS STORIES

Anuj Mudaliar

Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors – trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.