Asus has released a critical firmware update to fix a serious vulnerability affecting seven of its commercial router models, urging customers and users to check the status of their firmware and apply the update accordingly.
The flaw, identified as CVE-2024-3080 with a VCSS v3.1 score of 9.8, is an authentication bypass vulnerability that allows unauthenticated remote attackers to gain control of the device.
Affected routers, a series of XT8 and RT models, should now be checked for firmware updates to prevent unwarranted access and ensure optimal protection.
Asus patches seven router models
Affected models include the following Wi-Fi 5 and Wi-Fi 6 models: XT8 (ZenWiFi AX XT8), XT8_V2 (ZenWiFi AX -AC68U.
The latest versions of Asus firmware are available on their download portals; However, for users who cannot update immediately, Asus has also provided a set of instructions and guidance to improve protection, noting that users should opt for strong passwords and disable Internet access to the administration panel, remote access from WAN, port forwarding, DDNS, VPN. server, DMZ and port activator.
In the same update package, Asus also addresses CVE-2024-3079, a high severity buffer overflow vulnerability that requires access to an administrator account to exploit. It was given a CVSS score of 7.2.
Another vulnerability has been identified, identified as CVE-2024-3912. With a CVSS score of 9.8, it allows unauthenticated remote attackers to execute system commands. However, not all routers will be eligible for the upgrade due to end-of-life status.
Although the company's routers are often in the news for security fixes and firmware updates, it is clear that the company remains committed to protecting its users in a timely manner. However, with decommissioned devices no longer receiving updates, this news serves as an important reminder to not only ensure that firmware and software updates are applied in a timely manner, but that users replace their devices regularly to keep up. up to date with evolving technology and threats. landscape.