ASUS has patched three critical vulnerabilities in its routers. One vulnerability allowed attackers to bypass authentication on remote routers. Some older models will not receive patches for a particular vulnerability.

Asus He writes on his website It has released security updates for vulnerabilities CVE-2024-3079 and CVE-2024-3080. Updates are available for the following WiFi routers: ZenWifi XT8, ZenWifi XT8_V2, RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, and RT-AC68U.

They are weak CVE-2024-3080 It has a CVSS score of 9.8. This vulnerability allows attackers to bypass authentication on ASUS routers remotely and log in this way. CVE-2024-3079 It has a CVSS score of 7.2. This vulnerability indicates a buffer overflow leak that requires administrator account access. ASUS recommends that customers with the above routers perform a firmware update. If this is not possible, the manufacturer recommends using strong account and WiFi passwords and disabling some network functions of the routers.

The Taiwan Computer Emergency Response Team, TWCERT for short, also reported CVE-2024-3912. This vulnerability has been given a CVSS score of 9.8 and allows remote execution of unauthorized system commands via arbitrary firmware. The vulnerability CVE-2024-3912 has been discovered in the following ASUS devices: DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U, DSL-N12U_C1, DSL-N12U_D1, DSL-N14U, DSL-N14U_B1, DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56U. These devices have also received a firmware update. The vulnerability was also found in DSL-N10_C1, DSL-N10_D1, DSL-N10P_C1, DSL-N12E_C1, DSL-N16P, DSL-N16U, DSL-AC52, and DSL-AC55. However, these devices have reached the end of their life and will no longer receive the patch via firmware update. TWCERT therefore recommends replacing these devices.