The company has addressed a significant security weakness affecting ASUS routers through the release of software upgrades. Malicious actors might exploit this flaw to circumvent authentication.
The vulnerability, under the identifier CVE-2024-3080, receives a CVSS score of 9.8 out of a possible 10.0.
You might be interested in: What to do when you get a phishing email?
The Taiwan Computer Emergency Response Team/CCoordination Center (TWCERT/CC) distributed a description of the vulnerability, stating that “certain ASUS router models have an authentication bypass vulnerability, which allows unauthenticated remote attackers to log in to the device.”
The Taiwanese company also patched a high-severity buffer overflow bug, tracked as CVE-2024-3079 (CVSS score: 7.2). Remote attackers with administrative access might exploit this flaw to execute arbitrary instructions on the device.
In a hypothetical attack scenario, a hostile actor may create an exploit chain by combining CVE-2024-3080 and CVE-2024-3079. This would allow them to circumvent authentication and execute malicious code on devices that are vulnerable to the attack.
These two shortcomings impact the products listed below:
- ZenWiFi XT8 version 3.0.0.4.388_24609 and earlier (fixed in 3.0.0.4.388_24621)
- ZenWiFi XT8 version V2 3.0.0.4.388_24609 and earlier (fixed in 3.0.0.4.388_24621)
- ZenWiFi XT8 version 3.0.0.4.388_24609 and earlier
- Version 3.0.0.4.388_24198 and older versions of the RT-AX88U (version 3.0.0.4.388_24209) are now fixed.
- The RT-AX58U had earlier versions, such as 3.0.0.4.388_23925, which 3.0.0.4.388_24762 addressed.
- Version 3.0.0.4.386_52294 and earlier of the RT-AX57 have been fixed in 3.0.0.4.386_52303, while version 3.0.0.4.386_51915 and earlier of the RT-AC86U have been fixed in 3.0.0.4.386_51925.
- Earlier iterations of the RT-AC68U, such as 3.0.0.4.386_51668 (fixed in 3.0.0.4.386_51685)
- ASUS patched an additional critical vulnerability, tracked as CVE-2024-3912 (CVSS score: 9.8), earlier this month. This vulnerability could allow an unauthenticated remote attacker to upload arbitrary files and execute system instructions on the device.
We strongly encourage users of affected routers to update to the most recent version to protect themselves from any potential dangers.
MANAGED CYBERSECURITY SOLUTIONS
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.