Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in ASUS' Router Products
Alerts

Critical Vulnerabilities in ASUS' Router Products

20 June 2024

ASUS has released security updates to address two critical vulnerabilities (CVE-2024-3080 and CVE-2024-3912) in their router products. The vulnerabilities have a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10. 

The vulnerabilities are:

  • CVE-2024-3080: An authentication bypass vulnerability that can allow a remote attacker to log into a device without authentication.

  • CVE-2024-3912: An arbitrary firmware upload vulnerability that can allow an unauthenticated remote attacker to execute arbitrary system commands on a device.

The vulnerabilities affect the following products:

  • ZenWiFi XT8, ZenWiFi XT8 V2

  • RT-AX88U, RT-AX58U, RT-AX57

  • RT-AC86U, RT-AC68U

  • DSL-N12U_C1, DSL-N12U_D1

  • DSL-N14U, DSL-N14U_B1

  • DSL-N16, DSL-N17U

  • DSL-N55U_C1, DSL-N55U_D1

  • DSL-N66U, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56U

  • DSL-N10_C1, DSL-N10_D1, DSL-N10P_C1 (End-of-life)

  • DSL-N12E_C1 (End-of-life)

  • DSL-N16P, DSL-N16U (End-of-life)

  • DSL-AC52, DSL-AC55 (End-of-life)

Users and administrators of affected products are advised to update to the latest firmware version immediately. 

For affected end-of-life products, users and administrators should upgrade to a supported product to address the vulnerabilities.

More information is available here:

https://www.asus.com/content/asus-product-security-advisory/

https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html

https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html

https://www.bleepingcomputer.com/news/security/asus-warns-of-critical-remote-authentication-

Back to top