Security updates: Attackers can compromise Asus routers

Anyone who owns an Asus router should update their device to the latest version as soon as possible. In the latest firmware versions, the developers have closed a "critical" security gap.

The danger

As can be seen from the security section of the Asus website, the WLAN router models RT-AC68U, RTAC86U, RT-AX57, RT-AX58U, RT-AX88U, XT8_V2 and XT8 are affected by the "critical" vulnerability (CVE-2024-3080). The firmware versions secured against possible attacks are available for download on the Asus page mentioned above.

Remote attackers should be able to use the gap without authentication to gain full control of the router after a successful attack. How such an attack could work and whether there are already attacked devices is not yet known.

Anyone who is currently unable to install the secure firmware should ensure that a strong log-in and WLAN password is used. Furthermore, the admin panel should not be accessible via the internet for security reasons. Owners should also keep an eye on whether remote access, for example via VPN, is enabled. If this is the case, access should be limited to selected accounts for security reasons.

Further loopholes

The Asus developers have also closed another gap (CVE-2024-3079 "high") in the security updates. However, attackers must already have admin rights to exploit this vulnerability. The router manufacturer has also released version 3.1.0.114 of its Download Master tool.

The CERT from Taiwan also warn s of a "critical" vulnerability (CVE-2024-3912). Attackers can use this vulnerability to upload firmware prepared with malicious code. The repaired versions 1.1.2.3_792, 1.1.2.3_807 and 1.1.2.3_999 for various models help here.

The problem is that the vulnerability also threatens routers that are no longer in support and no longer receive updates. This includes the DSL-N10_C1, DSL-N10_D1, DSL-N10P_C1, DSL-N12E_C1, DSL-N16P, DSL-N16U, DSL-AC52 and DSL-AC55 models.

(des)