ASUS Issues Critical Firmware Update for Seven Router Models
June 15, 2024
ASUS has rolled out a firmware update to rectify a critical vulnerability that affects seven of its router models. The vulnerability, tagged as CVE-2024-3080, is an authentication bypass issue that could allow remote attackers to seize control of the device. ASUS has advised users to update their devices with the latest firmware versions available on its download portals. For those unable to immediately apply the update, ASUS recommends ensuring that their account and WiFi passwords are strong and disabling internet access to the admin panel, remote access from WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger.
Along with CVE-2024-3080, ASUS has also addressed another vulnerability, CVE-2024-3079, a high-severity buffer overflow issue that necessitates admin account access for exploitation.
Taiwan's CERT has also made public an additional vulnerability, CVE-2024-3912, a critical arbitrary firmware upload flaw that enables unauthenticated, remote attackers to execute system commands on the device. This flaw affects multiple ASUS router models, some of which will not receive security updates due to reaching their end-of-life (EoL) status.
Furthermore, ASUS has released an update for Download Master, a utility used on ASUS routers for managing and downloading files directly to a connected USB storage device. The new Download Master version 3.1.0.114 addresses five medium to high-severity issues related to arbitrary file upload, OS command injection, buffer overflow, reflected XSS, and stored XSS problems. Users are advised to update their utility to version 3.1.0.114 or later for optimal security and protection.
Latest News
- CISA Alerts on Windows Vulnerability Used in Ransomware Attacks
- Critical RCE Bug in Ivanti Endpoint Manager: PoC Exploit Available
- Critical Veeam Recovery Orchestrator Auth Bypass Exploit Released: Immediate Patching Required
- Rockwell's ICS Advisory Amid Rising Critical Infrastructure Threats
- Biometric Security Vulnerabilities Uncovered: Authentication Risks in the Spotlight
Like what you see?
Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.