Security News > 2024 > June > ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models
2024-06-17 14:39
ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device,"
News URL
https://thehackernews.com/2024/06/asus-patches-critical-authentication.html
Related news
- Critical SAP flaw allows remote attackers to bypass authentication (source)
- GitLab releases fix for critical SAML authentication bypass flaw (source)
- GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions (source)
- Ivanti warns of critical vTM auth bypass with public exploit (source)
- GitHub Enterprise Server vulnerable to critical auth bypass flaw (source)
- Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) (source)
- Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261) (source)
- Zyxel warns of critical OS command injection flaw in routers (source)
- Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers (source)
- D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-14 | CVE-2024-3080 | Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device. | 9.8 |