Critical Security Patches Released for ASUS Routers

ASUS Releases Critical Patches for Router Vulnerabilities
ASUS has issued patch updates to address a severe security flaw, identified as CVE-2024-3080, affecting multiple router models. This vulnerability allows hackers to bypass authentication protocols and remotely take control of the devices without user input. The flaw, which has a critical severity rating of 9.8 out of 10, impacts models including XT8, XT8 V2, RT-AX58U, RT-AX57, RT-AX88U, RT-AC86U, and RT-AC68U. In response, the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) advises owners of affected models to replace their devices.
Additionally, two other vulnerabilities have been identified in ASUS routers: CVE-2024-3079, a buffer overflow issue, and CVE-2024-3912, a remote command execution flaw. These affect various DSL models such as DSL-N12U, DSL-N14U, DSL-N17U, and DSL-AC series.
ASUS urges users to update their firmware, set strong passwords for router administration and wireless networks, and disable internet-accessible services to enhance security. The discoveries highlight the increasing exploitation of routers by hackers, particularly those backed by nation-states, necessitating robust countermeasures.