High-severity vulnerabilities affect a wide range of Asus router models

by
Dan Goodin
from Ars Technica - All content on (#6NK6K)
code-vulnerability-security-800x534.jpg

Enlarge (credit: Getty Images)

Hardware manufacturer Asus has released updates patching multiple critical vulnerabilities that allow hackers to remotely take control of a range of router models with no authentication or interaction required of end users.

The most critical vulnerability, tracked as CVE-2024-3080 is an authentication bypass flaw that can allow remote attackers to log into a device without authentication. The vulnerability, according to the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC), carries a severity rating of 9.8 out of 10. Asus said the vulnerability affects the following routers:

Model nameSupport Site link
XT8 and XT8_V2https://www.asus.com/uk/supportonly/asus%20zenwifi%20ax%20(xt8)/helpdesk_bios/
RT-AX88Uhttps://www.asus.com/supportonly/RT-AX88U/helpdesk_bios/
RT-AX58Uhttps://www.asus.com/supportonly/RT-AX58U/helpdesk_bios/
RT-AX57https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax57/helpdesk_bios
RT-AC86Uhttps://www.asus.com/supportonly/RT-AC86U/helpdesk_bios/
RT-AC68Uhttps://www.asus.com/supportonly/RT-AC68U/helpdesk_bios/
A favorite haven for hackers

A second vulnerability tracked as CVE-2024-3079 affects the same router models. It stems from a buffer overflow flaw and allows remote hackers who have already obtained administrative access to an affected router to execute commands.

Read 5 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments