In various models of ASUS vulnerabilities have been detected , with two of them considered critical (rated 9.8 out of 10). Specific details about the vulnerabilities have not been disclosed yet. The first critical vulnerability (CVE-2024-3080) allows unauthorized access to the device without authentication. The second critical vulnerability (CVE-2024-3912) enables attackers to load arbitrary firmware, potentially leading to remote execution of malicious commands.
The first critical vulnerability impacts ASUS Zenwifi XT8 wireless routers, RT-AX57, RT-AC86U, RT-AX58U, RT-AC68U, and RT-AX88U. The second critical vulnerability affects ASUS DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U, DSL-N14U_B1, DSL-N12U_C1, DSL-N12U_D1, DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, and DSL-AC56U. ASUS has released firmware updates to address these vulnerabilities for the affected devices that are still supported.
Among the other identified vulnerabilities in ASUS devices that pose a risk, there are instances of buffer overflow ( CVE-2024-3079 , CVE-2024-31163 ) and input data errors in Asus Download Master ( CVE-2024-31161 ,