Vulnerability in Asus routers allows remote takeover by hackers

Several models of Asus modem/Wi-Fi routers contain a vulnerability that allows hackers to take them over remotely. These include recent models, as well as older models that are no longer supported, according to the manufacturer in an alert about firmware updates.

According to Taiwanese hardware manufacturer Asus, several of its modem/Wi-Fi routers are affected by vulnerability CVE-2024-3912. Although this vulnerability was found in December 2023, Asus and TWCERT, the Taiwanese CERT, only recently disclosed it.

The highly critical vulnerability allows malicious actors to upload arbitrary firmware onto affected routers. Hackers can then gain unauthorized access to these devices, take them over remotely, and execute certain commands.

New and obsolete models

A total of fourteen Asus modem/Wi-Fi routers are vulnerable. The affected models are: DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U, DSL-N14U, DSL-N14U_B1, DSL-N12U_C1, DSL-N12U_D1, DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U and DSL-AC56U.

Asus no longer supports some of these models due to obsolescence. These are the DSL-N10_C1, DSL-N10_D1, DSL-N10P_C1, DSL-N12E_C1, DSL-N16P, DSL-N16U, DSL-AC52 and DSL-AC55 models.

To counter the vulnerability, Asus has released a firmware update that should patch it in the affected routers. For the outdated models, the advice is to replace them with up-to-date ones as soon as possible. If this is not immediately possible, TWCERT advises users to disable the remote access, virtual server, port forwarding, DDNS and VPN server features.

Second critical vulnerability

Asus and TWCERT also warn about another critical vulnerability that could potentially affect the brand's routers: CVE-2024-3080. This vulnerability is an authentication bypass that allows cybercriminals to log in to affected devices remotely without authenticating.

This concerns the Asus router models XT8, XT8_V2, RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U and RT-AC68U. Updates are now available for this vulnerability as well.
