ASUS addresses critical vulnerabilities in multiple routers

The Taiwanese manufacturer ASUS has released firmware updates to address two critical vulnerabilities affecting several of its router models: an authentication bypass (CVE-2024-3080) that allows remote attackers to access the device without authentication, and an arbitrary firmware upload flaw (CVE-2024-3912) that lets unauthenticated remote attackers execute system commands on the vulnerable device.

The authentication bypass vulnerability, tracked as CVE-2024-3080, affects the following ASUS router models:

  • ZenWiFi XT8 and previous versions
  • ZenWiFi Version RT-AX57 and previous versions
  • ZenWiFi Version RT-AC86U and previous versions
  • ZenWiFi Version RT-AC68U and previous versions

ASUS has released updated firmware for the affected models, including:

  • ZenWiFi XT8 to and later versions
  • ZenWiFi XT8 V2 to and later versions
  • RT-AX88U to and later versions
  • RT-AX58U to and later versions
  • RT-AX57 to and later versions
  • RT-AC86U to and later versions
  • RT-AC68U to and later versions

Additionally, ASUS has addressed the arbitrary firmware upload flaw with the following updates:

  • DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U: Update to and later versions
  • DSL-N12U_C1, DSL-N12U_D1, DSL-N14U, DSL-N14U_B1: Update to and later versions
  • DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56U: Update to and later versions

Users are advised to update their devices to the latest firmware versions to protect against these vulnerabilities.

Some models will not receive firmware updates because they have reached end-of-life (EoL) status. These models include the DSL-N10 series, DSL-N12E, and DSL-N16P. Users of devices that have reached EoL are advised to replace them as soon as possible.

These recent updates reflect ASUS's ongoing commitment to improving the security of its devices and protecting users from potential threats.
