ASUS Addresses Critical Router Security Flaws

ASUS has released software updates to fix a critical security vulnerability affecting its routers, which could be exploited by malicious actors to bypass authentication. This flaw, identified as CVE-2024-3080, carries a severity score of 9.8 out of 10 on the CVSS scale, indicating a high level of risk.

What is a CVE?

A CVE (Common Vulnerabilities and Exposures) is a standardized identifier for a security vulnerability. Managed by the MITRE Corporation, the CVE system helps facilitate the sharing of information about known vulnerabilities across different security tools and services. Each CVE entry includes a brief description of the vulnerability, the affected software, and sometimes references to additional information or patches.

The Vulnerabilities

The primary vulnerability, CVE-2024-3080, allows unauthenticated remote attackers to log into certain ASUS router models. This serious flaw can potentially grant attackers full access to the device, enabling them to manipulate settings or deploy further malicious activities.

Another vulnerability, CVE-2024-3079, has a CVSS score of 7.2 and involves a buffer overflow flaw. This issue could be exploited by remote attackers with administrative privileges to execute arbitrary commands on the device. When combined, these two vulnerabilities could allow an attacker to bypass authentication and execute malicious code on affected routers.

Affected Models and Fixes

The vulnerabilities impact several ASUS router models, and users are strongly advised to update their devices to the latest firmware versions. The affected models and their respective fixed versions are as follows:

• ZenWiFi XT8: Version 3.0.0.4.388_24609 and earlier (Fixed in 3.0.0.4.388_24621)

• ZenWiFi XT8 V2: Version 3.0.0.4.388_24609 and earlier (Fixed in 3.0.0.4.388_24621)

• RT-AX88U: Version 3.0.0.4.388_24198 and earlier (Fixed in 3.0.0.4.388_24209)

• RT-AX58U: Version 3.0.0.4.388_23925 and earlier (Fixed in 3.0.0.4.388_24762)

• RT-AX57: Version 3.0.0.4.386_52294 and earlier (Fixed in 3.0.0.4.386_52303)

• RT-AC86U: Version 3.0.0.4.386_51915 and earlier (Fixed in 3.0.0.4.386_51925)

• RT-AC68U: Version 3.0.0.4.386_51668 and earlier (Fixed in 3.0.0.4.386_51685)

In addition, ASUS addressed another critical vulnerability earlier this year, tracked as CVE-2024-3912, which also had a CVSS score of 9.8. This flaw could allow unauthenticated remote attackers to upload arbitrary files and execute system commands on the device.

Who is at Risk?

Anyone using the affected ASUS router models is at risk. This includes both individual users and organizations that rely on these routers for network connectivity. The vulnerabilities could lead to unauthorized access, data breaches, and other security incidents if left unpatched.

How to Protect Yourself

1. Update Your Firmware: Ensure your router's firmware is updated to the latest version provided by ASUS. This is the most effective way to protect against the identified vulnerabilities.

2. Enable Automatic Updates: If your router supports automatic updates, enable this feature to ensure you receive the latest security patches as soon as they are released.

3. Use Strong Passwords: Always use strong, unique passwords for your router's administrative interface. Avoid using default or easily guessable passwords.

4. Disable Remote Management: If you do not need remote access to your router's management interface, disable this feature to reduce the attack surface.

5. Monitor Network Activity: Keep an eye on your network for any unusual activity, which could indicate a potential security breach.

6. Use Additional Security Tools: Consider using additional security measures such as firewalls and intrusion detection systems to further protect your network.

By taking these steps, you can help safeguard your network against potential attacks and ensure the security of your ASUS router. Regularly updating your devices and staying informed about new vulnerabilities are key components of maintaining a secure home or business network.