ASUS Issues Critical Firmware Update for Seven Router Models

June 15, 2024

ASUS has rolled out a firmware update to rectify a critical vulnerability that affects seven of its router models. The vulnerability, tagged as CVE-2024-3080, is an authentication bypass issue that could allow remote attackers to seize control of the device. ASUS has advised users to update their devices with the latest firmware versions available on its download portals. For those unable to immediately apply the update, ASUS recommends ensuring that their account and WiFi passwords are strong and disabling internet access to the admin panel, remote access from WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger.

Along with CVE-2024-3080, ASUS has also addressed another vulnerability, CVE-2024-3079, a high-severity buffer overflow issue that necessitates admin account access for exploitation.

Taiwan's CERT has also made public an additional vulnerability, CVE-2024-3912, a critical arbitrary firmware upload flaw that enables unauthenticated, remote attackers to execute system commands on the device. This flaw affects multiple ASUS router models, some of which will not receive security updates due to reaching their end-of-life (EoL) status.

Furthermore, ASUS has released an update for Download Master, a utility used on ASUS routers for managing and downloading files directly to a connected USB storage device. The new Download Master version 3.1.0.114 addresses five medium- to high-severity issues: arbitrary file upload, OS command injection, buffer overflow, reflected XSS, and stored XSS. Users are advised to update the utility to version 3.1.0.114 or later.
