ASUS has shipped software program updates to deal with a vital safety flaw impacting its routers that could possibly be exploited by malicious actors to bypass authentication.
Tracked as CVE-2024-3080, the vulnerability carries a CVSS rating of 9.8 out of a most of 10.0.
“Sure ASUS router fashions have authentication bypass vulnerability, permitting unauthenticated distant attackers to log within the machine,” in accordance with an outline of the flaw shared by the Taiwan Laptop Emergency Response Staff / Coordination Middle (TWCERT/CC).
Additionally patched by the Taiwanese firm is a high-severity buffer overflow flaw tracked as CVE-2024-3079 (CVSS rating: 7.2) that could possibly be weaponized by distant attackers with administrative privileges to execute arbitrary instructions on the machine.
In a hypothetical assault situation, a foul actor may style CVE-2024-3080 and CVE-2024-3079 into an exploit chain with the intention to sidestep authentication and execute malicious code on inclined gadgets.
Each the shortcomings influence the next merchandise –
- ZenWiFi XT8 model 3.0.0.4.388_24609 and earlier (Mounted in 3.0.0.4.388_24621)
- ZenWiFi XT8 model V2 3.0.0.4.388_24609 and earlier (Mounted in 3.0.0.4.388_24621)
- RT-AX88U model 3.0.0.4.388_24198 and earlier (Mounted in 3.0.0.4.388_24209)
- RT-AX58U model 3.0.0.4.388_23925 and earlier (Mounted in 3.0.0.4.388_24762)
- RT-AX57 model 3.0.0.4.386_52294 and earlier (Mounted in 3.0.0.4.386_52303)
- RT-AC86U model 3.0.0.4.386_51915 and earlier (Mounted in 3.0.0.4.386_51925)
- RT-AC68U model 3.0.0.4.386_51668 and earlier (Mounted in 3.0.0.4.386_51685)
Earlier this January, ASUS patched one other vital vulnerability tracked as (CVE-2024-3912, CVSS rating: 9.8) that would allow an unauthenticated distant attacker to add arbitrary information and execute system instructions on the machine.
Customers of affected routers are suggested to replace to the newest model to safe towards potential threats.
