Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in ASUS' Router Products
Alerts

Critical Vulnerabilities in ASUS' Router Products

20 June 2024

ASUS has released security updates to address two critical vulnerabilities (CVE-2024-3080 and CVE-2024-3912) in their router products. The vulnerabilities have a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10. 

The vulnerabilities are:

  • CVE-2024-3080: An authentication bypass vulnerability that can allow a remote attacker to log into a device without authentication.

  • CVE-2024-3912: An arbitrary firmware upload vulnerability that can allow an unauthenticated remote attacker to execute arbitrary system commands on a device.

The vulnerabilities affect the following products:

  • ZenWiFi XT8, ZenWiFi XT8 V2

  • RT-AX88U, RT-AX58U, RT-AX57

  • RT-AC86U, RT-AC68U

  • DSL-N12U_C1, DSL-N12U_D1

  • DSL-N14U, DSL-N14U_B1

  • DSL-N16, DSL-N17U

  • DSL-N55U_C1, DSL-N55U_D1

  • DSL-N66U, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56U

  • DSL-N10_C1, DSL-N10_D1, DSL-N10P_C1 (End-of-life)

  • DSL-N12E_C1 (End-of-life)

  • DSL-N16P, DSL-N16U (End-of-life)

  • DSL-AC52, DSL-AC55 (End-of-life)

Users and administrators of affected products are advised to update to the latest firmware version immediately. 

For affected end-of-life products, users and administrators should upgrade to a supported product to address the vulnerabilities.

More information is available here:

https://www.asus.com/content/asus-product-security-advisory/

https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html

https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html

https://www.bleepingcomputer.com/news/security/asus-warns-of-critical-remote-authentication-

Back to top