Threat update

 ASUS released a product security advisory urging customers to update their firmware to address a critical authentication bypass vulnerability impacting multiple of its router models. Review this Cybersecurity Threat Advisory to learn which router models are impacted and how to mitigate your risks.

Technical Detail and Additional Info

What is the threat?

ASUS released a critical firmware update to fix a severe vulnerability CVE-2024-3080, which affects seven of its business router models. This vulnerability has a CVSS v3.1 score of 9.8, is an authentication bypass vulnerability that allows remote attackers to take control of the device without requiring authentication. Users of affected routers are advised to update to the latest version to secure against potential threats.

Users of ASUS routers are urged to check the firmware status and apply the update immediately. The following is a list of the affected routers:

• XT8 (ZenWiFi AX XT8)
• XT8_V2
• RT-AX88U
• RT-AX58U
• RT-AX57
• RT-AC86U
• RT-AC68U

Why is it noteworthy?

This is a stark reminder to use supported technology and regularly replace end-of-life devices to keep pace with the evolving landscape. It's also an important reminder to practice regular cybersecurity best practices to apply firmware and software updates promptly. There is an additional vulnerability, CVE-2024-3079, affects the same router models. This flaw arises from a buffer overflow issue, enabling remote hackers with administrative access to execute arbitrary commands on the affected router.

A third vulnerability impacting various ASUS router models was highlighted in the Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/ICC). Tracked as CVE-2024-3912 with a severity rating of 9.8, the flaw allows remote hackers to execute commands without user authentication. Below is a list of the affected models:

• DSL-N12U_C1
• DSL-N12U_D1
• DSL-N14U
• DSL-N14U_B1
• DSL-N16
• DSL-N17U
• DSL-N55U_C1
• DSL-N55U_D1
• DSL-N66U
• DSL-AC51
• DSL-AC750
• DSL-AC52U
• DSL-AC55U
• DSL-AC56U

What is the exposure or risk?

There are no known reports of exploitation of these vulnerabilities. However, routers have become a favored target for hackers, who often use them to obscure the origins of their attacks. Recently, both nation-state espionage agents and financially motivated threat actors have been discovered using routers, sometimes simultaneously. Hackers backed by the Russian and Chinese governments frequently launch attacks on critical infrastructure from routers connected to trusted IP addresses. Most of these hijackings occur by exploiting unpatched vulnerabilities or weak passwords. These vulnerabilities highlight the importance of keeping router firmware up to date. Routers are an essential piece of network infrastructure, and unpatched flaws can provide attackers with easy access to the local network and connected devices. 

What are the recommendations?

 LBT Technology Group recommends the following actions to keep your environment secured:

• Perform regular check for your router's firmware updates on the manufacturer's download portal.
• Disable publicly accessible services such as remote access from WAN, port forwarding, DDNS, PN server, DMZ, or port trigger if immediate firmware update is not possible.
• Use strong, unique passwords for both your wireless network and router administration page. These passwords should be at least 11 characters long and randomly generated.
• Enable automatic updates where possible to ensure your router firmware is always current.

References

 For more in-depth information about the recommendations, please visit the following links:

• Techradar
• ITPro
• The Hacker News
• Spiceworks

If you have any questions, please contact LBT's Sales Engineer.