A critical vulnerability has been discovered in several ASUS router models, posing significant security risks to users. This flaw, identified as CVE-2024-3912 and with a CVSS score of 9.8, allows remote attackers to execute arbitrary system commands without authentication. The vulnerability stems from an arbitrary firmware upload issue present in multiple ASUS router models, including DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U, DSL-N14U, DSL-N14U_B1, DSL-N12U_C1, DSL-N12U_D1, DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, and DSL-AC56U.
In response to this critical security issue, ASUS has swiftly released firmware updates to address the vulnerability. Users are strongly advised to update their affected routers immediately by installing the recommended firmware versions. For those using older models no longer maintained by ASUS, it is crucial to consider replacing these routers to maintain robust network security.
For users unable to replace their older routers immediately, ASUS recommends disabling specific router features such as remote access (Web access from WAN), virtual server (Port forwarding), DDNS, VPN server, DMZ, and port trigger functionalities. This measure can help mitigate the risk of exploitation until a replacement router is secured.
The discovery of this vulnerability underscores the importance of regular firmware updates and proactive security measures for all internet-connected devices. It is essential for ASUS router users to prioritize security by promptly applying firmware updates and, when necessary, replacing outdated hardware. ASUS remains committed to customer safety and continues to provide timely solutions to safeguard against potential cyber threats.
Reference:
