ASUS addresses critical vulnerabilities in multiple routers

The Taiwanese manufacturer ASUS has released firmware updates to address two critical vulnerabilities impacting various models of its routers. These vulnerabilities are an authentication bypass (CVE-2024-3080) that allows remote attackers to access the device without authentication, and an arbitrary firmware upload flaw (CVE-2024-3912) that lets unauthenticated remote attackers execute system commands on the vulnerable device.

The authentication bypass vulnerability, tracked as CVE-2024-3080, affects the following ASUS router models:

  • ZenWiFi XT8 3.0.0.4.388_24609 and previous versions
  • ZenWiFi Version RT-AX57 3.0.0.4.386_52294 and previous versions
  • ZenWiFi Version RT-AC86U 3.0.0.4.386_51915 and previous versions
  • ZenWiFi Version RT-AC68U 3.0.0.4.386_51668 and previous versions

The firmware updates released by ASUS bring the affected models to the following fixed versions:

  • ZenWiFi XT8 to 3.0.0.4.388_24621 and later versions
  • ZenWiFi XT8 V2 to 3.0.0.4.388_24621 and later versions
  • RT-AX88U to 3.0.0.4.388_24209 and later versions
  • RT-AX58U to 3.0.0.4.388_24762 and later versions
  • RT-AX57 to 3.0.0.4.386_52303 and later versions
  • RT-AC86U to 3.0.0.4.386_51925 and later versions
  • RT-AC68U to 3.0.0.4.386_51685 and later versions

Additionally, ASUS has addressed the arbitrary firmware upload flaw (CVE-2024-3912) with the following updates:

  • DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U: Update to 1.1.2.3_792 and later versions
  • DSL-N12U_C1, DSL-N12U_D1, DSL-N14U, DSL-N14U_B1: Update to 1.1.2.3_807 and later versions
  • DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56U: Update to 1.1.2.3_999 and later versions

Users are advised to update their devices to the latest firmware versions to protect against these vulnerabilities.

Some models will not receive firmware updates because they have reached end-of-life (EoL) status. These models include the DSL-N10 series, DSL-N12E, and DSL-N16P. Users with devices that have reached EoL are advised to replace them as soon as possible.
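For anyone tracking more than one device, the fixed-version lists and the EoL list above can be turned into an inventory check. The following is an added example, not ASUS code or part of the original article; it assumes firmware strings have the dotted `_build` form shown above, compares them component by component, and matches the "DSL-N10 series" by name prefix.

```python
import re

# Minimum fixed firmware per model, copied from the lists in this article.
FIXED = {
    "ZenWiFi XT8": "3.0.0.4.388_24621",
    "ZenWiFi XT8 V2": "3.0.0.4.388_24621",
    "RT-AX88U": "3.0.0.4.388_24209",
    "RT-AX58U": "3.0.0.4.388_24762",
    "RT-AX57": "3.0.0.4.386_52303",
    "RT-AC86U": "3.0.0.4.386_51925",
    "RT-AC68U": "3.0.0.4.386_51685",
}
for models, version in (
    ("DSL-N17U DSL-N55U_C1 DSL-N55U_D1 DSL-N66U", "1.1.2.3_792"),
    ("DSL-N12U_C1 DSL-N12U_D1 DSL-N14U DSL-N14U_B1", "1.1.2.3_807"),
    ("DSL-N16 DSL-AC51 DSL-AC750 DSL-AC52U DSL-AC55U DSL-AC56U", "1.1.2.3_999"),
):
    FIXED.update({model: version for model in models.split()})

# End-of-life models named in the article. Matching the "DSL-N10 series"
# by prefix is an assumption about how members of that series are named.
EOL_EXACT = {"DSL-N12E", "DSL-N16P"}
EOL_PREFIX = ("DSL-N10",)

def parse_version(text):
    """Turn '3.0.0.4.388_24621' into (3, 0, 0, 4, 388, 24621)."""
    if not re.fullmatch(r"\d+(\.\d+)*_\d+", text):
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return tuple(int(part) for part in re.split(r"[._]", text))

def assess(model, installed):
    """Return 'eol', 'unknown', 'vulnerable' or 'patched' for one device."""
    if model in EOL_EXACT or model.startswith(EOL_PREFIX):
        return "eol"          # no fix will ship: replace the device
    if model not in FIXED:
        return "unknown"      # not covered by this article's lists
    fixed, have = parse_version(FIXED[model]), parse_version(installed)
    return "patched" if have >= fixed else "vulnerable"

# Constructed inventory (not real devices): (model, installed firmware).
INVENTORY = [
    ("ZenWiFi XT8", "3.0.0.4.388_24609"),
    ("RT-AC68U", "3.0.0.4.386_51685"),
    ("DSL-AC52U", "1.1.2.3_990"),
    ("DSL-N10_C1", "1.0.0.0_1"),
]

def report(inventory):
    """Attach a status to every (model, firmware) pair in the inventory."""
    return [(model, fw, assess(model, fw)) for model, fw in inventory]
```

Calling `report(INVENTORY)` returns one status per device; a result of `unknown` means the model is not in this article's lists, not that it is safe.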

These recent updates reflect ASUS's ongoing commitment to improving the security of its devices and protecting users from potential threats.
