杭州江阴科强工业胶带有限公司

{"id":164549,"date":"2024-06-16T07:44:23","date_gmt":"2024-06-16T07:44:23","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=164549"},"modified":"2024-06-16T07:47:02","modified_gmt":"2024-06-16T07:47:02","slug":"asus-router-models-critical-rce","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/164549\/security\/asus-router-models-critical-rce.html","title":{"rendered":"ASUS fixed critical remote authentication bypass bug in several routers"},"content":{"rendered":"

<\/div>\n

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models.<\/h2>\n\n\n\n
ASUS addresses a critical remote authentication bypass vulnerability, tracked as\u00a0CVE-2024-3080<\/a>\u00a0(CVSS v3.1 score: 9.8), impacting seven router models.<\/p>\n\n\n\n
The flaw is an authentication bypass issue that a remote attacker can exploit to log into the device without authentication.<\/p>\n\n\n\n
The flaw impacts the following models:<\/p>\n\n\n\n
\n
ZenWiFi XT8 3.0.0.4.388_24609 (inclusive) previous\u00a0versions<\/li>\n\n\n\n
ZenWiFi Version RT-AX57 3.0.0.4.386_52294 (inclusive) previous version<\/li>\n\n\n\n
ZenWiFi Version RT-AC86U 3.0.0.4.386_51915 (inclusive) previous version<\/li>\n\n\n\n
ZenWiFi Version RT-AC68U 3.0.0.4.386_51668 (inclusive) previous version<\/li>\n<\/ul>\n\n\n\n
The company released the following firmware update to address the issue:<\/p>\n\n\n\n
\n
Update ZenWiFi XT8 to 3.0.0.4.388_24621 (inclusive) and later versions<\/li>\n\n\n\n
Update ZenWiFi XT8 V2 to 3.0.0.4.388_24621 (inclusive) and later versions<\/li>\n\n\n\n
Update RT-AX88U to 3.0.0.4.388_24209 (inclusive) and later versions<\/li>\n\n\n\n
Update RT-AX58U to 3.0 .0.4.388_24762 (inclusive) and later versions<\/li>\n\n\n\n
update RT-AX57 to 3.0.0.4.386_52303 (inclusive) and later versions<\/li>\n\n\n\n
update RT-AC86U to 3.0.0.4.386_51925 (inclusive) and later versions<\/li>\n\n\n\n
update RT-AC68U to 3.0.0.4.386_51685 ( (including) later versions<\/li>\n<\/ul>\n\n\n\n
The vendor also addressed a critical upload arbitrary firmware flaw, tracked as CVE-2024-3912<\/a> (CVSS score 9.8) impacting multiple devices. An unauthenticated, remote attacker can exploit the flaw to execute system commands on the vulnerable device.<\/p>\n\n\n\n
Carlos K\u00f6pke from PLASMALABS discovered the flaw. Impacted products are: DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U, DSL-N14U, DSL-N14U_B1, DSL-N12U_C1, DSL-N12U_D1, DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL- AC55U, DSL-AC56U.<\/gwmw><\/p>\n\n\n\n
Some impacted models will not receive the firmware updates because they have reached the end-of-life (EoL).<\/p>\n\n\n\n
The following versions address the flaw:<\/p>\n\n\n\n
\n
Update the following models to 1.1.2.3_792 (inclusive) and later versions:
DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U<\/gwmw><\/li>\n\n\n\n
Update the following models to 1.1.2.3_807 (inclusive) and later versions:
DSL-N12U_C1, DSL -N12U_D1, DSL-N14U, DSL-N14U_B1<\/li>\n\n\n\n
Update the following models to 1.1.2.3_999 (inclusive) and later versions:
DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56U<\/li>\n\n\n\n
and following models No longer maintained, it is recommended to replace
DSL-N10_C1, DSL-N10_D1, DSL-N10P_C1, DSL-N12E_C1, ,DSL-N16P, DSL-N16U, DSL-AC52, DSL-AC55.
If it cannot be replaced in the short term, it is recommended to close it. Remote access (Web access from WAN), virtual server (Port forwarding), DDNS, VPN server, DMZ, port trigger<\/gwmw><\/gwmw><\/gwmw><\/li>\n<\/ul>\n\n\n\n
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a><\/p>\n\n\n\n
Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0routers)<\/strong><\/p>\n\n\n\n
<\/gwmw><\/p>\n","protected":false},"excerpt":{"rendered":"
Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. ASUS addresses a critical remote authentication bypass vulnerability, tracked as\u00a0CVE-2024-3080\u00a0(CVSS v3.1 score: 9.8), impacting seven router models. The flaw is an authentication bypass issue that a remote attacker can exploit to log into the device without authentication. The flaw impacts […]<\/p>\n","protected":false},"author":1,"featured_media":147644,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,55],"tags":[1672,4112,9508,9506,10918,687,4594,841,1533],"class_list":["post-164549","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-security","tag-asus","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-pierluigi-paganini","tag-rce","tag-security-affairs","tag-security-news"],"yoast_head":"\n杭州江阴科强工业胶带有限公司