Seven ASUS routers impacted by critical authentication bypass flaw
ASUS has released firmware updates to eliminate a series of vulnerabilities affecting seven of its routers – here’s which devices are at risk


ASUS has issued a product security advisory warning customers to update the security firmware to address a critical vulnerability affecting seven of its router models.
The vulnerability, CVE-2024-3080, is a critical authentication bypass flaw that allows remote attackers to take control of the device without authentication.
Due to the fact the attackers can leverage the flaw without needing to escalate their privileges, it was designated as a 9.8 on the CVSS, according to the Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/CC).
ASUS listed the following routers as being impacted by the flaw:
- XT8 (ZenWiFi AX XT8)
- XT8_V2
- RT-AX88U
- RT-AX58U
- RT-AX57
- RT-AC86U
- RT-AC68U
A second vulnerability, tracked as CVE-2024-3079, is a buffer overflow flaw that could allow remote attackers with administrative privileges to execute arbitrary commands on the device
ASUS also warned that certain other models have an arbitrary firmware upload vulnerability, CVE-2024-3912, that could allow an unauthenticated attacker to execute arbitrary system commands on the device.
The affected devices were:
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
- DSL-N12U_C1
- DSL-N12U_D1
- DSL-N14U
- DSL-N14U_B1
- DSL-N16
- DSL-N17U
- DSL-N55U_C1
- DSL-N55U_D1
- DSL-N66U
- DSL-AC51
- DSL-AC750
- DSL-AC52U
- DSL-AC55U
- DSL-AC56U
RELATED WEBINAR
ASUS advised customers to update their devices to the latest firmware versions available on its download portals, and if this is not possible, to disable any services that are publicly accessible via the internet such as remote access from WAN, port forwarding, DDNS, PN server, DMZ, or port trigger.
“If you turned on the Download master, login the web GUI and go to USB application → Download Master and click the update to get the latest version of Download master (3.1.0.114)"
If users cannot update Download Master, ASUS advises to ensure login and Wi-Fi passwords are secure, and that customers use strong passwords that cannot be easily guessed or brute-forced by attackers.

Solomon Klappholz is a former staff writer for ITPro and ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in cybersecurity, IT regulation, industrial infrastructure applications, and machine learning.
-
Why are many men in tech blind to the gender divide?
In-depth From bias to better recognition, male allies in tech must challenge the status quo to advance gender equality
By Keri Allan
-
BenQ PD3226G monitor review
Reviews This 32-inch monitor aims to provide the best of all possible worlds – 4K resolution, 144Hz refresh rate and pro-class color accuracy – and it mostly succeeds
By Sasha Muller