Asus recently released patches to fix various vulnerabilities in the brand’s routers. There were security breaches in the equipment that were considered serious.
According to this Hacker NewsThe most serious flaw, called CVE-2024-3080, has a score of 9.8 out of 10. It allows hackers to bypass the equipment’s authentication system and log in remotely.
The CVE-2024-3079 vulnerability is a buffer overflow vulnerability with classification 7.2. It allows hackers to execute remote commands on routers whose authentication system has already been modified.
If a hacker manages to exploit both vulnerabilities on the same device, they will be able to run malicious code without any hindrance and without administrator permission. These vulnerabilities affect the following router models that currently have firmware containing fixes (from the version indicated in parentheses):
- ZenWiFi XT8 version 3.0.0.4.388_24609 (3.0.0.4.388_24621);
- ZenWiFi XT8 version V2 3.0.0.4.388_24609 (3.0.0.4.388_24621);
- RT-AX88U version 3.0.0.4.388_24198 (3.0.0.4.388_24209);
- RT-AX58U version 3.0.0.4.388_23925 (3.0.0.4.388_24762);
- RT-AX57 version 3.0.0.4.386_52294 (3.0.0.4.386_52303);
- RT-AC86U version 3.0.0.4.386_51915 (3.0.0.4.386_51925);
- RT-AC68U version 3.0.0.4.386_51668 (3.0.0.4.386_51685).
Other vulnerabilities
There is also a third vulnerability called CVE-2024-3912, classified as 9.8. It allows remote authentication by a hacker who can upload arbitrary files and execute commands that require administrator permission.
The routers affected and with the fix are the following models:
- DSL-N12U_C1;
- DSL-N12U_D1;
- DSL-N14U;
- DSL-N14U_B1;
- DSL-N16;
- DSL-N17U;
- DSL-N55U_C1;
- SL-N55U_D1;
- DSL-N66U;
- DSL-AC51/DSL-AC750;
- SL-AC52U;
- DSL-AC55U;
- DSL-AC56U.
In January, Asus had already fixed another flaw known as CVE-2024-3912, which also affected routers.
Despite the loopholes, there were no reports of any attacks or exploits of the equipment by hackers. Flaws in routers are often exploited by malicious actors trying to hide the source of the problem.
To prevent intrusions, Asus recommends that you always keep the equipment’s firmware up to date, have secure and separate passwords for wireless internet and device “administrator” access, and disable internet-accessible services.
Source: Tec Mundo
I am a passionate and hardworking journalist with an eye for detail. I specialize in the field of news reporting, and have been writing for Gadget Onus, a renowned online news site, since 2019. As the author of their Hot News section, I’m proud to be at the forefront of today’s headlines and current affairs.
