
Hardware maker Asus has released updates that patch a series of critical vulnerabilities. The flaws allow hackers to remotely take control of a variety of router models without any authentication or any interaction on the part of users.

The most critical vulnerability, tracked as CVE-2024-3080, is an authentication bypass flaw that allows remote attackers to log in to a device without any authentication. According to the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC), it carries a severity rating of 9.8 out of 10. Asus said the vulnerability affects the following routers:

A popular target for cybercriminals

Another vulnerability, tracked as CVE-2024-3079, affects the same router models. It stems from a buffer overflow flaw and allows remote hackers who have already obtained administrative privileges on an affected router to execute commands.

TWCERT/CC is also warning of a third vulnerability affecting various Asus router models. Tracked as CVE-2024-3912, it allows remote hackers to execute commands without authenticating. With a severity rating of 9.8, this vulnerability affects:

Security patches have been available since January and can be downloaded for these models through the links provided in the table above. CVE-2024-3912 also affects Asus router models that are no longer supported by the manufacturer, such as:

  • DSL-N10_C1
  • DSL-N10_D1
  • DSL-N10P_C1
  • DSL-N12E_C1
  • DSL-N16P
  • DSL-N16U
  • DSL-AC52
  • DSL-AC55

TWCERT/CC advises owners of these devices to replace them as a precaution.

Asus has advised all router owners to regularly check that their devices are running the latest available firmware. Users are also encouraged to set separate passwords for the wireless network and the router administration page. Passwords should be strong, meaning at least 11 characters that are randomly generated and unique. Asus has also suggested that users disable any services that are reachable from the Internet, such as remote access from the WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger. For further clarification, the company has provided FAQs here and here.

There have been no reports so far of these vulnerabilities being actively exploited in the wild. Nevertheless, routers have become a favored target for cybercriminals, who frequently use them to mask the source of their attacks. In recent months, both state-sponsored spies and financially motivated threat actors have been found occupying routers, sometimes at the same time. Attacks on critical infrastructure by hackers affiliated with the Russian and Chinese governments often originate from routers connected to IP addresses with a reputation for reliability. Most of these compromises are made possible by unpatched vulnerabilities or weak passwords.