ASUS has issued a warning to users regarding critical vulnerabilities present in a number of routers. These vulnerabilities, identified as CVE-2024-12912 and CVE-2024-13062, allow attackers to execute arbitrary commands on vulnerable devices.
These vulnerabilities are linked to the AiCloud function in the router firmware. ASUS has stated that these vulnerabilities stem from improper input validation, enabling malicious actors to remotely trigger command execution. Both vulnerabilities have been rated 7.2 on the Common Vulnerability Scoring System (CVSS), which places them in the high-severity range.
CVE-2024-12912 stems from a lack of data validation in the AiCloud service, which enables the execution of arbitrary commands. CVE-2024-13062 opens a similar attack vector through inadequate data filtering.
Failure to install firmware updates promptly puts ASUS router users at risk. To mitigate these threats, ASUS has released updated firmware versions: 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102.
If the update cannot be installed immediately, ASUS recommends the following precautions:
- Set strong passwords: Create unique passwords with a minimum length of 10 characters, incorporating uppercase and lowercase letters, numbers, and special characters.
- Enable password protection for AiCloud: Activate password protection to prevent unauthorized access.
- Disable unused external services: Deactivate functions like remote access, port forwarding, DDNS, VPN server, DMZ, and FTP if they are not in use.
The company stresses the significance of regularly updating firmware and adhering to security protocols. ASUS also encourages users to report any discovered vulnerabilities through a dedicated page for disclosing information about security issues.