
WARNING: ASUS FIXED THREE REMOTE CODE EXECUTION VULNERABILITIES IN THEIR ROUTERS, PATCH IMMEDIATELY!

Reference: Advisory #2024-88
Version: 1.0
Affected software:
CVE-2024-3912:
DSL-N17U
DSL-N55U_C1; DSL-N55U_D1
DSL-N66U
DSL-N14U; DSL-N14U_B1
DSL-N12U_C1; DSL-N12U_D1
DSL-N16
DSL-AC51
DSL-AC750
DSL-AC52U
DSL-AC55U
DSL-AC56U
CVE-2024-3080 and CVE-2024-3079:
ZenWiFi XT8 version 3.0.0.4.388_24609 and earlier
ZenWiFi XT8 version V2 3.0.0.4.388_24609 and earlier
RT-AX88U version 3.0.0.4.388_24198 and earlier
RT-AX58U version 3.0.0.4.388_23925 and earlier
RT-AX57 version 3.0.0.4.386_52294 and earlier
RT-AC86U version 3.0.0.4.386_51915 and earlier
RT-AC68U version 3.0.0.4.38
Type: Remote Code Execution (RCE)
CVE/CVSS: 

CVE-2024-3912: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVE-2024-3080: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVE-2024-3079: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Sources

TW-CERT: https://www.twcert.org.tw/en/cp-139-7858-3c978-2.html

TW-CERT: https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html

TW-CERT: https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html

ASUS: https://www.asus.com/content/asus-product-security-advisory/

Risks

ASUS addressed three critical remote code execution vulnerabilities in their routers. A remote attacker could exploit these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.

The flaws affect multiple ASUS router models, but not all will be getting security updates due to them having reached their end-of-life (EoL). An EoL product should be replaced with a newer model that continues to receive security updates.

The vulnerabilities have a HIGH impact on Confidentiality, Integrity and Availability.

Description

ASUS patched three vulnerabilities that can lead to Remote Code Execution.

See the security advisories from TW-CERT for more information about the software versions available to mitigate these vulnerabilities.

CVE-2024-3079: https://www.twcert.org.tw/en/cp-139-7858-3c978-2.html
CVE-2024-3912: https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html
CVE-2024-3080: https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html

Recommended actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
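
To prioritise patching, a device inventory can be triaged against the affected-software list of this advisory. The script below is an added example, not part of the original advisory or of any ASUS tooling; the status names, the inventory format and the sample hostnames are assumptions, and it only compares builds within the same firmware branch because the advisory does not state how branches are ordered.

```python
import re

# (branch, build) bounds copied from the affected-software list of this advisory
# for CVE-2024-3080 / CVE-2024-3079. None = the bound is cut off on the page.
AFFECTED_UP_TO = {
    "ZenWiFi XT8": (388, 24609), "ZenWiFi XT8 V2": (388, 24609),
    "RT-AX88U": (388, 24198), "RT-AX58U": (388, 23925),
    "RT-AX57": (386, 52294), "RT-AC86U": (386, 51915),
    "RT-AC68U": None,
}
# Models listed for CVE-2024-3912; the advisory gives no version bound for them.
DSL_MODELS = {
    "DSL-N17U", "DSL-N55U_C1", "DSL-N55U_D1", "DSL-N66U", "DSL-N14U",
    "DSL-N14U_B1", "DSL-N12U_C1", "DSL-N12U_D1", "DSL-N16", "DSL-AC51",
    "DSL-AC750", "DSL-AC52U", "DSL-AC55U", "DSL-AC56U",
}
FW_RE = re.compile(r"^3\.0\.0\.4\.(\d+)_(\d+)")

def triage(model, firmware):
    """Classify one device; 'review' means check the vendor advisory by hand."""
    if model in DSL_MODELS:
        return "affected-model"   # fixed firmware or EoL status: see TW-CERT
    if model not in AFFECTED_UP_TO:
        return "not-listed"
    bound = AFFECTED_UP_TO[model]
    m = FW_RE.match(firmware.strip())
    if bound is None or m is None:
        return "review"           # truncated bound or unparseable version
    branch, build = int(m.group(1)), int(m.group(2))
    if branch != bound[0]:
        # Ordering across firmware branches is not stated in the advisory.
        return "review"
    return "vulnerable" if build <= bound[1] else "above-bound"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("gw-office", "RT-AX88U", "3.0.0.4.388_24198"),
    ("gw-lab", "RT-AX57", "3.0.0.4.388_10000"),
    ("gw-branch", "DSL-AC52U", "1.1.2.3_999"),
    ("gw-home", "RT-AC68U", "3.0.0.4.386_51000"),
]

def report(inventory=INVENTORY):
    return {host: triage(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:12} {status}")
```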

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Bleeping Computer: https://www.bleepingcomputer.com/news/security/asus-warns-of-critical-remote-authentication-bypass-on-7-routers/