In a recent discovery, several ASUS routers have been identified with a critical vulnerability that exposes them to unauthenticated remote command execution. This flaw, which could potentially allow attackers to take control of the affected devices, has placed a significant number of users at risk. As network security remains a critical concern, users must ensure their devices are up to date to prevent malicious exploitation.
The vulnerability, labeled CVE-2024-3912, has been given a CVSS score of 9.8, signifying its severity. The flaw arises from an arbitrary firmware upload vulnerability present in multiple ASUS router models. Discovered by Carlos Köpke of PLASMALABS, the issue allows attackers to execute arbitrary commands on the compromised routers remotely without requiring authentication.
Impact and Severity
The affected ASUS router models include DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U, DSL-N14U, DSL-N14U_B1, DSL-N12U_C1, DSL-N12U_D1, DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, and DSL-AC56U. Given the widespread usage of these models, the impact of this vulnerability is substantial, prompting immediate action from users and administrators.
Recommendations for Users
ASUS has addressed this critical flaw by releasing firmware updates aimed at mitigating the risk. Users of the affected models are strongly urged to update their router firmware to the latest versions: 1.1.2.3_792 or later for DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, and DSL-N66U; 1.1.2.3_807 or later for DSL-N12U_C1, DSL-N12U_D1, DSL-N14U, and DSL-N14U_B1; and 1.1.2.3_999 or later for DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, and DSL-AC56U.
Older models such as DSL-N10_C1, DSL-N10_D1, DSL-N10P_C1, DSL-N12E_C1, DSL-N16P, DSL-N16U, DSL-AC52, and DSL-AC55, which are no longer maintained, should be replaced. If replacement is not immediately possible, disabling features like remote access, virtual server, DDNS, VPN server, DMZ, and port trigger is recommended to mitigate potential exploitation.
ASUS routers, widely used in various settings, offer functionalities such as high-speed internet connectivity and secure networking solutions. Launched years ago, these models come equipped with features catering to diverse user needs, from home to small office environments. However, the recent vulnerability underscores the need for regular firmware updates and timely replacements of outdated devices to ensure security.
Previously, ASUS routers have encountered security issues, prompting firmware updates to patch vulnerabilities. Comparatively, the CVE-2024-3912 vulnerability’s high severity score necessitates more urgent and widespread action. While historical vulnerabilities have varied in impact, the current flaw’s potential for remote exploitation without authentication poses a greater threat.
Recent news on router vulnerabilities highlights a growing trend of exploitation attempts targeting network devices. Unlike past vulnerabilities that required user action for exploitation, CVE-2024-3912’s remote command execution potential makes it particularly dangerous. This shift emphasizes the need for proactive security measures and regular updates from manufacturers like ASUS.
The discovery of CVE-2024-3912 in ASUS routers highlights the critical importance of maintaining up-to-date firmware and replacing end-of-life devices. Users must act promptly to apply necessary updates or consider replacing vulnerable routers. Such actions are essential to safeguarding networks against potential threats.
