

ASUS FIXED A BUG IN MANY ROUTERS RELATING TO CRITICAL REMOTE AUTHENTICATION.



Taiwanese manufacturing giant ASUS has fixed a serious remote authentication bypass vulnerability that affected a number of router models.

The vulnerability is tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8) and affects seven different router models.

The flaw is an authentication bypass: a remote attacker who exploits it can access the device without authentication.


The following models are affected by the flaw:
  • ZenWiFi XT8: 3.0.0.4.388_24609 and earlier versions
  • RT-AX57: 3.0.0.4.386_52294 and earlier versions
  • RT-AC86U: 3.0.0.4.386_51915 and earlier versions
  • RT-AC68U: 3.0.0.4.386_51668 and earlier versions

The company released the following firmware updates to address the issue:

  • Update ZenWiFi XT8 to 3.0.0.4.388_24621 or a later version
  • Update ZenWiFi XT8 V2 to 3.0.0.4.388_24621 or a later version
  • Update RT-AX88U to 3.0.0.4.388_24209 or a later version
  • Update RT-AX58U to 3.0.0.4.388_24762 or a later version
  • Update RT-AX57 to 3.0.0.4.386_52303 or a later version
  • Update RT-AC86U to 3.0.0.4.386_51925 or a later version
  • Update RT-AC68U to 3.0.0.4.386_51685 or a later version

Additionally, the vendor fixed a severe arbitrary firmware upload vulnerability that affected several devices and is tracked as CVE-2024-3912 (CVSS score 9.8). The vulnerability allows an unauthorized remote attacker to take control of the device and execute system commands.

Carlos Köpke from PLASMALABS found the vulnerability. Affected models include DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U, DSL-N14U, DSL-N14U_B1, DSL-N12U_C1, DSL-N12U_D1, DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, and DSL-AC56U.
Some affected models have reached end-of-life (EoL) and will not receive firmware updates.

The flaw is fixed in the following versions:

  • Update the following models to 1.1.2.3_792 or a later version: DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U
  • Update the following models to 1.1.2.3_807 or a later version: DSL-N12U_C1, DSL-N12U_D1, DSL-N14U, DSL-N14U_B1
  • Update the following models to 1.1.2.3_999 or a later version: DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56U
  • The following models are no longer maintained, and replacing them is recommended: DSL-N10_C1, DSL-N10_D1, DSL-N10P_C1, DSL-N12E_C1, DSL-N16P, DSL-N16U, DSL-AC52, DSL-AC55
  • If a device cannot be replaced in the short term, it is recommended to disable remote access (Web access from WAN), virtual server (port forwarding), DDNS, VPN server, DMZ, and port trigger.
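
To check a device inventory against the fixed-version lists above, here is an added example (not code from ASUS or from this article). The names `parse`, `assess`, `audit` and the status labels are hypothetical, the inventory rows are constructed, and it assumes build numbers are only comparable within the same firmware branch.

```python
import re

# Minimum fixed firmware -> models, copied from the lists in this article.
FIXED = {
    "3.0.0.4.388_24621": ["ZenWiFi XT8", "ZenWiFi XT8 V2"],
    "3.0.0.4.388_24209": ["RT-AX88U"], "3.0.0.4.388_24762": ["RT-AX58U"],
    "3.0.0.4.386_52303": ["RT-AX57"], "3.0.0.4.386_51925": ["RT-AC86U"],
    "3.0.0.4.386_51685": ["RT-AC68U"],
    "1.1.2.3_792": ["DSL-N17U", "DSL-N55U_C1", "DSL-N55U_D1", "DSL-N66U"],
    "1.1.2.3_807": ["DSL-N12U_C1", "DSL-N12U_D1", "DSL-N14U", "DSL-N14U_B1"],
    "1.1.2.3_999": ["DSL-N16", "DSL-AC51", "DSL-AC750", "DSL-AC52U",
                    "DSL-AC55U", "DSL-AC56U"],
}
# Models the article lists as no longer maintained (replace or restrict).
EOL = {"DSL-N10_C1", "DSL-N10_D1", "DSL-N10P_C1", "DSL-N12E_C1",
       "DSL-N16P", "DSL-N16U", "DSL-AC52", "DSL-AC55"}
MIN_FIXED = {m: v for v, models in FIXED.items() for m in models}

def parse(version):
    """Split '3.0.0.4.388_24621' into ((3, 0, 0, 4, 388), 24621)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)_(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))

def assess(model, version):
    """Classify one device: EOL, UNLISTED, VULNERABLE, PATCHED or REVIEW."""
    if model in EOL:
        return "EOL"
    if model not in MIN_FIXED:
        return "UNLISTED"
    branch, build = parse(version)
    fixed_branch, fixed_build = parse(MIN_FIXED[model])
    if branch != fixed_branch:
        # Assumption: a build on another branch (e.g. 388 vs 386) cannot be
        # ranked against the fixed build, so flag it for a manual check.
        return "REVIEW"
    return "PATCHED" if build >= fixed_build else "VULNERABLE"

# Constructed sample inventory (model, reported firmware); not real devices.
INVENTORY = [("ZenWiFi XT8", "3.0.0.4.388_24609"), ("RT-AX57", "3.0.0.4.386_52303"),
             ("RT-AC68U", "3.0.0.4.388_10000"), ("DSL-N16U", "1.1.2.3_500")]

def audit(inventory):
    return [(model, ver, assess(model, ver)) for model, ver in inventory]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row, sep="\t")
```

Devices reported as `EOL` fall under the replace-or-disable guidance in the last two list items above.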
