Updates have been issued by Asus to remediate critical vulnerabilities impacting several of its router models, according to Ars Technica.
Most severe of the addressed flaws is an authentication bypass issue, tracked as CVE-2024-3080, which could be leveraged to enable remote infiltration of devices, while a buffer overflow issue, tracked as CVE-2024-3079, could be exploited to allow command execution among attackers with admin privileges to breached routers. Both flaws affect Asus' RT-AC68U, RT-AC86U, RT-AX57, RT-AX57, RT-AX88U, XT8, and XT8_V2 router models.
Meanwhile, Taiwan's Computer Emergency Response Team/Coordination Center has urged for the immediate application of fixes to the critical command execution bug, tracked as CVE-2024-3912, which had been addressed by Asus in January.
Included in the devices impacted by the issue are the DSL-AC51/DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56U, DSL-N12U_C1, DSL-N12U_D1, DSL-N14U, DSL-N14U_B1, DSL-N16, DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, and DSL-N66U routers, as well as the DSL-N10_C1, DSL-N10_D1, DSL-N10P_C1, DSL-N12E_C1, DSL-N16P, DSL-N16U, DSL-AC52, and DSL-AC55 routers that have reached end of life.
No active exploitation of any of the flaws has been reported.
