Security News > 2024 > June > ASUS warns of critical remote authentication bypass on 7 routers
ASUS has released a new firmware update that addresses a vulnerability impacting seven router models that allow remote attackers to log in to devices.
The flaw, tracked as CVE-2024-3080, is an authentication bypass vulnerability allowing unauthenticated, remote attackers to take control of the device.
The flaw impacts multiple ASUS router models, but not all will be getting security updates due to them having reached their end-of-life.
Finally, ASUS announced an update to Download Master, a utility used on ASUS routers that enables users to manage and download files directly to a connected USB storage device via torrent, HTTP, or FTP. The newly released Download Master version 3.1.0.114 addresses five medium to high-severity issues concerning arbitrary file upload, OS command injection, buffer overflow, reflected XSS, and stored XSS problems.
TP-Link fixes critical RCE bug in popular C5400X gaming router.
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers.
News URL
Related news
- ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models (source)
- Critical GitHub Enterprise Server Flaw Allows Authentication Bypass (source)
- Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass (source)
- Patch up – 4 critical bugs in ArubaOS lead to remote code execution (source)
- Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution (source)
- Veeam warns of critical Backup Enterprise Manager auth bypass bug (source)
- Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager (source)
- TP-Link fixes critical RCE bug in popular C5400X gaming router (source)
- TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks (source)
- Exploit for critical Progress Telerik auth bypass released, patch now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-14 | CVE-2024-3080 | Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device. | 9.8 |