Seven ASUS routers impacted by critical authentication bypass flaw
ASUS has released firmware updates to eliminate a series of vulnerabilities affecting seven of its routers – here’s which devices are at risk


ASUS has issued a product security advisory warning customers to update their firmware to address a critical vulnerability affecting seven of its router models.
The vulnerability, CVE-2024-3080, is a critical authentication bypass flaw that allows remote attackers to take control of the device without authentication.
Because attackers can leverage the flaw without needing to escalate their privileges, it was rated 9.8 on the CVSS scale, according to the Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/CC).
ASUS listed the following routers as being impacted by the flaw:
- XT8 (ZenWiFi AX XT8)
- XT8_V2
- RT-AX88U
- RT-AX58U
- RT-AX57
- RT-AC86U
- RT-AC68U
A second vulnerability, tracked as CVE-2024-3079, is a buffer overflow flaw that could allow remote attackers with administrative privileges to execute arbitrary commands on the device.
ASUS also warned that certain other models have an arbitrary firmware upload vulnerability, CVE-2024-3912, that could allow an unauthenticated attacker to execute arbitrary system commands on the device.
The affected devices were:
- DSL-N12U_C1
- DSL-N12U_D1
- DSL-N14U
- DSL-N14U_B1
- DSL-N16
- DSL-N17U
- DSL-N55U_C1
- DSL-N55U_D1
- DSL-N66U
- DSL-AC51
- DSL-AC750
- DSL-AC52U
- DSL-AC55U
- DSL-AC56U
ASUS advised customers to update their devices to the latest firmware versions available on its download portals and, if this is not possible, to disable any services that are publicly accessible via the internet, such as remote access from WAN, port forwarding, DDNS, VPN server, DMZ, or port trigger.
“If you turned on the Download master, login the web GUI and go to USB application → Download Master and click the update to get the latest version of Download master (3.1.0.114).”
If users cannot update Download Master, ASUS advises them to ensure login and Wi-Fi passwords are secure, using strong passwords that cannot be easily guessed or brute-forced by attackers.
Solomon Klappholz is a former Staff Writer at ITPro and ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.