ADVISORY!

TLP : CLEAR

Date : 17/06/2024

REF NO : CERT / 2024/06/55

ASUS Multiple Vulnerabilities

Severity Level: Medium

Components Affected

  • ZenWiFi XT8: versions prior to 3.0.0.4.388_24621
  • ZenWiFi XT8 V2: versions prior to 3.0.0.4.388_24621
  • RT-AX88U: versions prior to 3.0.0.4.388_24209
  • RT-AX58U: versions prior to 3.0.0.4.388_24762
  • RT-AX57: versions prior to 3.0.0.4.386_52303
  • RT-AC86U: versions prior to 3.0.0.4.386_51925
  • RT-AC68U: versions prior to 3.0.0.4.386_51685
  • DSL-N17U
  • DSL-N55U_C1
  • DSL-N55U_D1
  • DSL-N66U
  • DSL-N12U_C1
  • DSL-N12U_D1
  • DSL-N14U
  • DSL-N14U_B1
  • DSL-N16
  • DSL-AC51
  • DSL-AC750
  • DSL-AC52U
  • DSL-AC55U
  • DSL-AC56U

Overview

Multiple vulnerabilities were identified in ASUS routers. A remote attacker could exploit these vulnerabilities to trigger remote code execution and bypass security restrictions on the targeted system.

Description

Certain models of ASUS routers are affected by multiple vulnerabilities. Buffer overflow vulnerabilities allow remote attackers with administrative privileges to execute arbitrary commands on the device. Additionally, an authentication bypass vulnerability enables unauthenticated remote attackers to log into the device. Furthermore, an arbitrary firmware upload vulnerability allows unauthenticated remote attackers to execute arbitrary system commands on the device. These vulnerabilities pose significant security risks by enabling unauthorized access and control over the affected routers.

Impact

  • Remote Code Execution
  • Security Restriction Bypass

Solution / Workarounds

Before installing the software, please visit the vendor website for more details.

Apply fixes issued by the vendor:

  • ZenWiFi XT8: 3.0.0.4.388_24621 or later version
  • ZenWiFi XT8 V2: 3.0.0.4.388_24621 or later version
  • RT-AX88U: 3.0.0.4.388_24209 or later version
  • RT-AX58U: 3.0.0.4.388_24762 or later version
  • RT-AX57: 3.0.0.4.386_52303 or later version
  • RT-AC86U: 3.0.0.4.386_51925 or later version
  • RT-AC68U: 3.0.0.4.386_51685 or later version
  • DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U: 1.1.2.3_792 or later version
  • DSL-N12U_C1, DSL-N12U_D1, DSL-N14U, DSL-N14U_B1: 1.1.2.3_807 or later version
  • DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56U: 1.1.2.3_999 or later version
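
To check a device inventory against the fixed versions listed above, the following added example (not part of the advisory or of any vendor tooling) compares installed firmware strings numerically rather than as text. It assumes versions follow the dotted `_build` format shown above and that numeric ordering matches release ordering; the function names and the inventory rows are constructed for illustration.

```python
import re

# Fixed firmware versions, copied from the advisory's list above.
FIXED = {
    "ZenWiFi XT8": "3.0.0.4.388_24621",
    "ZenWiFi XT8 V2": "3.0.0.4.388_24621",
    "RT-AX88U": "3.0.0.4.388_24209",
    "RT-AX58U": "3.0.0.4.388_24762",
    "RT-AX57": "3.0.0.4.386_52303",
    "RT-AC86U": "3.0.0.4.386_51925",
    "RT-AC68U": "3.0.0.4.386_51685",
}
for models, ver in (
    ("DSL-N17U DSL-N55U_C1 DSL-N55U_D1 DSL-N66U", "1.1.2.3_792"),
    ("DSL-N12U_C1 DSL-N12U_D1 DSL-N14U DSL-N14U_B1", "1.1.2.3_807"),
    ("DSL-N16 DSL-AC51 DSL-AC750 DSL-AC52U DSL-AC55U DSL-AC56U", "1.1.2.3_999"),
):
    FIXED.update({m: ver for m in models.split()})

def parse_version(text):
    """'3.0.0.4.388_24621' -> (3, 0, 0, 4, 388, 24621); ValueError on other shapes."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)*)_(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")) + (int(m.group(2)),)

def status(model, installed):
    """Return 'update', 'ok', 'not-listed' or 'unknown-version' for one device."""
    fixed = FIXED.get(model.strip())
    if fixed is None:
        return "not-listed"
    try:
        current = parse_version(installed)
    except ValueError:
        return "unknown-version"  # flag for manual review, never assume patched
    # Integer tuples avoid the text-comparison trap where "_9999" sorts after "_24209".
    return "update" if current < parse_version(fixed) else "ok"

# Constructed inventory rows (model, installed firmware) for illustration.
INVENTORY = [
    ("RT-AX88U", "3.0.0.4.388_9999"),
    ("RT-AC68U", "3.0.0.4.386_51685"),
    ("DSL-N16", "1.1.2.3_805"),
    ("RT-AX57", "unknown"),
]

def audit(rows):
    """Map each (model, version) row to its status."""
    return {(model, ver): status(model, ver) for model, ver in rows}
```

Devices reported as `unknown-version` or `not-listed` need manual review against the vendor's release notes; the script does not treat them as patched.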

Reference

Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre