June 15, 2024 at 01:15PM
ASUS has released a firmware update to address vulnerabilities impacting seven router models, allowing remote attackers to take control of the devices. Users are advised to update to the latest firmware versions and strengthen account and WiFi passwords. The update also addresses other vulnerabilities and includes an update for the Download Master utility with security fixes.
Based on the meeting notes, here are the key takeaways:
1. ASUS has released a new firmware update to address a critical vulnerability, CVE-2024-3080, impacting seven router models. The vulnerability allows remote attackers to log in to the devices, and ASUS recommends users to update to the latest firmware versions available on its download portals.
2. The impacted router models include XT8, XT8_V2, RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, and RT-AC68U.
3. For those unable to update immediately, ASUS suggests they ensure their account and WiFi passwords are strong and recommends disabling certain features such as internet access to the admin panel, remote access from WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger.
4. Additionally, ASUS has addressed another vulnerability, CVE-2024-3079, in the same package, which is a high-severity buffer overflow issue that requires admin account access to exploit.
5. Taiwan’s CERT has also informed the public about CVE-2024-3912, a critical arbitrary firmware upload vulnerability impacting multiple ASUS router models, with a proposed solution for each impacted model.
6. ASUS has released an update to Download Master, addressing medium to high-severity issues, and recommends users to upgrade to version 3.1.0.114 or later for optimal security and protection.
These takeaways highlight the key security updates and recommendations provided by ASUS to address vulnerabilities and ensure optimal security for the router models and Download Master utility.