
ASUS has released patches addressing several vulnerabilities in its router products.
The first is a critical authentication bypass vulnerability, tracked as CVE-2024-3080 with a CVSS score of 9.8, that a remote attacker can exploit to log into the device without authentication.
The flaw impacts the following models:
- ZenWiFi XT8 3.0.0.4.388_24609 and earlier versions
- ZenWiFi Version RT-AX57 3.0.0.4.386_52294 and earlier versions
- ZenWiFi Version RT-AC86U 3.0.0.4.386_51915 and earlier versions
- ZenWiFi Version RT-AC68U 3.0.0.4.386_51668 and earlier versions
The company released firmware updates to address the issue in its routers.
ASUS also addressed a critical arbitrary firmware upload flaw, tracked as CVE-2024-3912 with a CVSS score of 9.8, that an unauthenticated, remote attacker can exploit to execute system commands on the vulnerable device.
Some impacted models will not receive firmware updates because they have reached end-of-life.
If those routers cannot be replaced, it is recommended to turn off the following features: remote access (web access from WAN), virtual server (port forwarding), DDNS, VPN server, DMZ, and port trigger.

