Security News ASUS warns of critical remote authentication bypass on 7 routers

vtqhtr413

Level 27
Thread author
Well-known
Aug 17, 2017
1,609
ASUS has released a new firmware update that addresses a vulnerability impacting seven router models that allow remote attackers to log in to devices. The flaw, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8 “critical”), is an authentication bypass vulnerability allowing unauthenticated, remote attackers to take control of the device.

ASUS says the issue impacts the following router models:
  • XT8 (ZenWiFi AX XT8) – Mesh WiFi 6 system offering tri-band coverage with speeds up to 6600 Mbps, AiMesh support, AiProtection Pro, seamless roaming, and parental controls.
  • XT8_V2 (ZenWiFi AX XT8 V2) – Updated version of the XT8, maintaining similar features with enhancements in performance and stability.
  • RT-AX88U – Dual-band WiFi 6 router with speeds up to 6000 Mbps, featuring 8 LAN ports, AiProtection Pro, and adaptive QoS for gaming and streaming.
  • RT-AX58U – Dual-band WiFi 6 router providing up to 3000 Mbps, with AiMesh support, AiProtection Pro, and MU-MIMO for efficient multi-device connectivity.
  • RT-AX57 – Dual-band WiFi 6 router designed for basic needs, offering up to 3000 Mbps, with AiMesh support and basic parental controls.
  • RT-AC86U – Dual-band WiFi 5 router with speeds up to 2900 Mbps, featuring AiProtection, adaptive QoS, and game acceleration.
  • RT-AC68U – Dual-band WiFi 5 router offering up to 1900 Mbps, with AiMesh support, AiProtection, and robust parental controls.
ASUS suggests that people update their devices to the latest firmware versions available on its download portals (links for each model above). Firmware update instructions are available on this FAQ page.

For those unable to update the firmware immediately, the vendor suggests they ensure their account and WiFi passwords are strong (over 10 non-consecutive characters long). Moreover, it is recommended to disable internet access to the admin panel, remote access from WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top