ASUS releases critical security updates for router vulnerabilities
ASUS has released software updates to fix critical security vulnerabilities in its routers that could be exploited by malicious actors to bypass authentication and execute arbitrary commands.
One vulnerability, tracked as CVE-2024-3080, has a CVSS score of 9.8 and allows unauthenticated remote attackers to log into devices. Another, CVE-2024-3079, with a CVSS score of 7.2, is a high-severity buffer overflow flaw that could be exploited by attackers with administrative privileges.
If combined, these vulnerabilities could enable an attacker to bypass authentication and execute malicious code on affected devices. The impacted devices include various models and versions of ZenWiFi XT8, RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, and RT-AC68U, with specific versions noted. These issues have been patched in the newest firmware updates, and users are urged to update their devices to these latest versions to mitigate potential threats.
Additionally, earlier in January, ASUS patched another critical vulnerability, CVE-2024-3912, also with a CVSS score of 9.8, which could allow unauthenticated remote attackers to upload arbitrary files and execute system commands on the device. Users of affected routers are strongly advised to apply the latest updates to secure their devices against these severe security risks – change also your passwords and enable two-factor authentication to further protect against unauthorized access and potential attacks.
