CVE-2024-3080: ASUS warns Customers about the latest Authentication Bypass Vulnerability detected Across seven Router Models
2024-6-22 01:13:45 Author: lab.wallarm.com(查看原文) 阅读量:15 收藏

ASUS announces major Firmware Update

ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models.

Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 (critical), the vulnerability permits remote attackers to take control of the affected router models without needing any login credentials.

While the main reason behind this flaw hasn’t been disclosed by Asus yet, it could be the result of age-old conventional issues like poorly implemented encryption protocols, hardcoded credentials, or the failure to properly validate input data. As a result, malicious actors can exploit this flaw to gain administrative control over the affected routers.

Product Models and Versions affected by the Authentication Bypass Flaw

The vulnerability was first detected in the wild on June 14th across the following Asus router models:

Models Versions
ZenWiFi XT8  3.0.0.4.388_24609 and earlier
ZenWiFi XT8  V2 3.0.0.4.388_24609 and earlier
RT-AX88U  3.0.0.4.388_24198 and earlier
RT-AX58U  3.0.0.4.388_23925 and earlier
RT-AX57  3.0.0.4.386_52294 and earlier
RT-AC86U  3.0.0.4.386_51915 and earlier
RT-AC68U 3.0.0.4.386_51668 and earlier
For more details, visit Asus’ official FAQ & Support page.

*Note:
Certain affected models will not receive the firmware updates because they have been designated as end-of-life (EoL).

Why should Asus’ Customers Worry about this Flaw?

Under normal circumstances, routers are configured to require a username and password for administrative access. This security measure blocks unauthorized individuals from making modifications that could jeopardize the network’s security or operational integrity.

However, if attackers exploit this vulnerability, they can gain access to the compromised routers and carry out various malicious actions. They might change the router’s settings - such as altering DNS configurations to reroute internet traffic through malicious servers. This redirection can facilitate phishing schemes, data interception, or man-in-the-middle attacks. Furthermore, attackers could extract sensitive information stored on the router (including network credentials) and infiltrate other devices connected to the network.

In more severe scenarios, attackers might use the compromised router as a launchpad for further attacks within the local network, spreading malware or engaging in espionage. The consequences of this vulnerability are particularly severe because routers serve as vital components of network infrastructure, acting as the gateway between local networks and the internet.

Remediation - Mitigating the Vulnerability

ASUS advises users to upgrade their devices to the latest firmware versions. Detailed instructions can be found on their official download portal.

For those who cannot update the firmware right away, ASUS recommends the following preemptive measures:

- Create unique and strong passwords for your wireless network and router administration page. These passwords should include a combination of uppercase letters, numbers, and special symbols.

- Disable any services that are accessible via the internet. This includes disabling internet access to the admin panel, remote access from WAN, port forwarding, DDNS, VPN server, DMZ, and port triggering.

ASUS has also released an update for Download Master, a utility used on ASUS routers that allows users to manage and download files directly to a connected USB storage device via torrent, HTTP, or FTP. 

The new version, Download Master 3.1.0.114, resolves five medium to high-severity vulnerabilities, including issues related to arbitrary file upload, OS command injection, buffer overflow, reflected XSS, and stored XSS.


文章来源: https://lab.wallarm.com/cve-2024-3080-authentication-bypass-vulnerability-detected-across-seven-router-models/
如有侵权请联系:admin#unsafe.sh