ASUS has shipped software program updates to handle a important security flaw impacting its routers that could possibly be exploited by malicious actors to bypass authentication.
Tracked as CVE-2024-3080, the vulnerability carries a CVSS rating of 9.8 out of a most of 10.0.
“Sure ASUS router fashions have authentication bypass vulnerability, permitting unauthenticated distant attackers to log within the machine,” in response to an outline of the flaw shared by the Taiwan Laptop Emergency Response Group / Coordination Heart (TWCERT/CC).
Additionally patched by the Taiwanese firm is a high-severity buffer overflow flaw tracked as CVE-2024-3079 (CVSS rating: 7.2) that could possibly be weaponized by distant attackers with administrative privileges to execute arbitrary instructions on the machine.
In a hypothetical assault state of affairs, a foul actor may style CVE-2024-3080 and CVE-2024-3079 into an exploit chain in an effort to sidestep authentication and execute malicious code on vulnerable gadgets.
Each the shortcomings influence the next merchandise –
- ZenWiFi XT8 model 3.0.0.4.388_24609 and earlier (Mounted in 3.0.0.4.388_24621)
- ZenWiFi XT8 model V2 3.0.0.4.388_24609 and earlier (Mounted in 3.0.0.4.388_24621)
- RT-AX88U model 3.0.0.4.388_24198 and earlier (Mounted in 3.0.0.4.388_24209)
- RT-AX58U model 3.0.0.4.388_23925 and earlier (Mounted in 3.0.0.4.388_24762)
- RT-AX57 model 3.0.0.4.386_52294 and earlier (Mounted in 3.0.0.4.386_52303)
- RT-AC86U model 3.0.0.4.386_51915 and earlier (Mounted in 3.0.0.4.386_51925)
- RT-AC68U model 3.0.0.4.386_51668 and earlier (Mounted in 3.0.0.4.386_51685)
Earlier this January, ASUS patched one other important vulnerability tracked as (CVE-2024-3912, CVSS rating: 9.8) that would allow an unauthenticated distant attacker to add arbitrary recordsdata and execute system instructions on the machine.
Customers of affected routers are suggested to replace to the newest model to safe towards potential threats.
