High-severity vulnerabilities affect a wide range of Asus router models
Hardware manufacturer Asus has released updates patching multiple critical vulnerabilities that allow hackers to remotely take control of a range of router models with no authentication or interaction required of end users.
The most critical vulnerability, tracked as CVE-2024-3080 is an authentication bypass flaw that can allow remote attackers to log into a device without authentication. The vulnerability, according to the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC), carries a severity rating of 9.8 out of 10. Asus said the vulnerability affects the following routers:
A favorite haven for hackers
A second vulnerability tracked as CVE-2024-3079 affects the same router models. It stems from a buffer overflow flaw and allows remote hackers who have already obtained administrative access to an affected router to execute commands.
TWCERT/CC is warning of a third vulnerability affecting various Asus router models. It’s tracked as CVE-2024-3912 and can allow remote hackers to execute commands with no user authentication required. The vulnerability, carrying a severity rating of 9.8, affects:
Security patches, which have been available since January, are available for those models at the links provided in the table above. CVE-2024-3912 also affects Asus router models that are no longer supported by the manufacturer. Those models include:
- DSL-N10_C1
- DSL-N10_D1
- DSL-N10P_C1
- DSL-N12E_C1
- DSL-N16P
- DSL-N16U
- DSL-AC52
- DSL-AC55
TWCERT/CC advises owners of these devices to replace them.
Asus has advised all router owners to regularly check their devices to ensure they’re running the latest available firmware. The company also recommended users set a separate password from the wireless network and router-administration page. Additionally, passwords should be strong, meaning 11 or more characters that are unique and randomly generated. Asus also recommended users disable any services that can be reached from the Internet, including remote access from the WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger. The company provided FAQs here and here.
There are no known reports of any of the vulnerabilities being actively exploited in the wild. That said, routers have become a favorite haven for hackers, who often use them to hide the origins of their attacks. In recent months, both nation-state espionage spies and financially motivated threat actors have been found camping out in routers, sometimes simultaneously. Hackers backed by the Russian and Chinese governments regularly wage attacks on critical infrastructure from routers that are connected to IP addresses with reputations for trustworthiness. Most of the hijackings are made possible by exploiting unpatched vulnerabilities or weak passwords.
Source link