High-severity vulnerabilities affect a wide range of Asus router models

Enlarge (credit: Getty Images)

Hardware manufacturer Asus has released updates patching multiple critical vulnerabilities that allow hackers to remotely take control of a range of router models with no authentication or interaction required of end users.

The most critical vulnerability, tracked as CVE-2024-3080 is an authentication bypass flaw that can allow remote attackers to log into a device without authentication. The vulnerability, according to the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC), carries a severity rating of 9.8 out of 10. Asus said the vulnerability affects the following routers:

Model name	Support Site link
XT8 and XT8_V2	https://www.asus.com/uk/supportonly/asus%20zenwifi%20ax%20(xt8)/helpdesk_bios/
RT-AX88U	https://www.asus.com/supportonly/RT-AX88U/helpdesk_bios/
RT-AX58U	https://www.asus.com/supportonly/RT-AX58U/helpdesk_bios/
RT-AX57	https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax57/helpdesk_bios
RT-AC86U	https://www.asus.com/supportonly/RT-AC86U/helpdesk_bios/
RT-AC68U	https://www.asus.com/supportonly/RT-AC68U/helpdesk_bios/

A favorite haven for hackers

A second vulnerability tracked as CVE-2024-3079 affects the same router models. It stems from a buffer overflow flaw and allows remote hackers who have already obtained administrative access to an affected router to execute commands.

Read 5 remaining paragraphs | Comments

source https://arstechnica.com/?p=2031993