Vulnerabilities in ASUS routers that allow remote access

Eight vulnerabilities have been identified in various models of ASUS wireless routers, two of which were rated critical (8 out of 9.8). Details of how the issues can be exploited have not yet been published; it is only known that the first critical vulnerability (CVE-10-2024) allows a remote connection to a device without authentication. The second critical vulnerability (CVE-3080-2024) allows an unauthenticated attacker to load arbitrary firmware onto the device, which can be used to remotely execute any system commands on it.

The first critical vulnerability affects the ASUS ZenWiFi XT8, RT-AX57, RT-AC86U, RT-AX58U, RT-AC68U and RT-AX88U wireless routers, and the second affects the ASUS DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U, DSL-N14U, DSL-N14U_B1, DSL-N12U_C1, DSL-N12U_D1, DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U and DSL-AC56U. For vulnerable devices that are still supported, ASUS has published a firmware update that fixes the identified problems.

Among the other vulnerabilities identified in ASUS devices and rated as dangerous are buffer overflows (CVE-2024-3079, CVE-2024-31163) and input validation errors in ASUS Download Master (CVE-2024-31161, CVE-2024-31162), which allow an attacker with access to the device to execute system commands.

Source: opennet.ru