Technology giant ASUS has recently addressed a critical security flaw that impacts several of its popular router models. The vulnerability, tracked as CVE-2024-3080, is a remote authentication bypass issue that could allow a remote attacker to log into vulnerable devices without any authentication.
The flaw has been assigned a CVSS v3.1 severity score of 9.8 out of 10, indicating it is a critical risk. If successfully exploited, the vulnerability could enable an attacker to take full control of the affected router.
The remote authentication bypass vulnerability impacts the following ASUS router models:
ASUS has released firmware updates to address CVE-2024-3080 for all the affected models. Users are strongly advised to update their routers to the latest available firmware version as soon as possible.
In addition to CVE-2024-3080, ASUS has also patched another critical flaw, CVE-2024-3912, which is an arbitrary firmware upload vulnerability. This could allow a remote unauthenticated attacker to execute commands on vulnerable devices. Multiple router models were affected, with some older end-of-life devices recommended for replacement if the firmware cannot be updated.
While awaiting the opportunity to install the firmware updates, ASUS recommends some temporary mitigation steps:
Users should also update the Download Master utility on their ASUS routers to version 3.1.0.114 or later to address several other vulnerabilities.
These vulnerabilities highlight the importance of keeping router firmware up-to-date. Routers are an essential piece of network infrastructure, and unpatched flaws can provide attackers with easy access to the local network and connected devices.
Consumers and businesses alike should ensure they have processes to monitor for router firmware updates and apply them promptly. Enabling automatic updates is highly recommended where possible.
If you suspect your router may have been compromised, immediately disconnect it from the internet and seek assistance from a cyber security professional to investigate and remediate the issue.
Background Hewlett Packard Enterprise (HPE) has issued a security bulletin warning about critical vulnerabilities in its StoreOnce data backup and deduplication solution. StoreOnce is widely…
As of May 2025, the cyber threat landscape has shifted away from the UK, with the focus moving to US companies following a period of…
The summer holidays are nearly here, and many travelers have already begun making their plans and bookings. Travel scams continue to rise, with online booking…
