High severity vulnerabilities affect a wide range of Asus router models

Hardware manufacturer Asus has released updates that patch multiple critical vulnerabilities that allow hackers to remotely take control of a variety of router models without requiring authentication or interaction from end users.

The most critical vulnerability, identified as CVE-2024-3080, is an authentication bypass flaw that could allow remote attackers to log in to a device without authentication. The vulnerability, according to the Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/CC), has a severity rating of 9.8 out of 10. Asus said the vulnerability affects the following routers:

A favorite haven for hackers

A second vulnerability identified as CVE-2024-3079 affects the same router models. It is caused by a buffer overflow flaw and allows remote hackers who have already gained administrative access to an affected router to execute commands.

TWCERT/CC warns of a third vulnerability that affects several models of Asus routers. It is tracked as CVE-2024-3912 and may allow remote hackers to execute commands without requiring user authentication. The vulnerability, with a severity rating of 9.8, affects:

Security patches for those models have been available since January at the links provided in the table above. CVE-2024-3912 also affects Asus router models that are no longer supported by the manufacturer. Those models include:

  • DSL-N10_C1
  • DSL-N10_D1
  • DSL-N10P_C1
  • DSL-N12E_C1
  • DSL-N16P
  • DSL-N16U
  • DSL-AC52
  • DSL-AC55

TWCERT/CC advises owners of these devices to replace them.

Asus has recommended that all router owners periodically check their devices to ensure they are running the latest available firmware. The company also recommended that users set separate passwords for the wireless network and the router’s management page. Additionally, passwords must be strong, meaning 11 or more unique and randomly generated characters. Asus also recommended that users disable any services that can be accessed from the Internet, including remote access from WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger. The company provided FAQs here and here.

There are no known reports of any of the vulnerabilities being actively exploited in the wild. That said, routers have become a favorite refuge for hackers, who often use them to hide the source of their attacks. In recent months, both nation-state spies and financially motivated threat actors have been found camping on routers, sometimes simultaneously. Hackers backed by the Russian and Chinese governments regularly attack critical infrastructure from routers connected to IP addresses with reputations for trustworthiness. Most hijackings are made possible by exploiting unpatched vulnerabilities or weak passwords.
