Asus patches serious security flaw across multiple routers — update now if you have any of these models

Celebrity Gig

Asus has rolled out a critical firmware update to patch a severe vulnerability affecting seven of its business router models, urging customers and users to check their firmware status and apply the update accordingly.

The flaw, identified as CVE-2024-3080 with a VCSS v3.1 score of 9.8, is an authentication bypass vulnerability that allows unauthenticated remote attackers to gain control of the device.

The affected routers, a series of XT8 and RT models, should now be checked for firmware updates in order to prevent unwarranted access and to ensure optimal protection.

READ ALSO:  With ChatGPT hype swirling, UK government urges regulators to come up with rules for A.I.

Asus patches seven router models

The models affected include the following Wi-Fi 5 and Wi-Fi 6 models: XT8 (ZenWiFi AX XT8), XT8_V2 (ZenWiFi AX XT8 V2), RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, and RT-AC68U.

The latest Asus firmware versions are available on its download portals; however, for users unable to update immediately, Asus has also provided a set of instructions and guidance to improve protection, noting users should opt for strong passwords and disable internet access to the admin panel, remote access from WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger.

READ ALSO:  A big Chromebook update just delivered 4 super-useful features – here's what's new

In the same update package, Asus also addresses CVE-2024-3079, a high-severity buffer overflow vulnerability that requires admin account access to exploit. It was awarded a CVSS score of 7.2.

Yet another vulnerability, tracked as CVE-2024-3912, has been identified. With a CVSS score of 9.8, it allows unauthenticated remote attackers to execute system commands. However, not all routers will be eligible for the update due to end-of-life status.

Though the company’s routers often make it into the news for security fixes and firmware updates, it’s clear that the company remains committed to protecting its users in a timely manner. However, with sunsetted devices no longer receiving updates, this news serves as an important reminder not only to ensure that firmware and software updates are applied in due time, but that users replace their devices regularly in order to keep up with an evolving tech and threat landscape. 

More from TechRadar Pro

Categories

Share This Article
Leave a comment