ASUS warns of critical router flaws (CVE-2024-12912, CVE-2024-13062) allowing arbitrary command execution. Users are urged to update their devices immediately.
ASUS Vulnerability
The vulnerabilities are tied to the router firmware’s AiCloud feature. ASUS explains that these “injection and execution flaws” let authenticated attackers execute remote commands.
With a CVSS score of 7.2, both are rated as highly severe.
CVE Details:
- CVE-2024-12912: This vulnerability arises from inadequate validation within the AiCloud service, enabling attackers to inject and execute arbitrary commands on the affected routers.
- CVE-2024-13062: Similar to the first flaw, this issue stems from improperly sanitized input, creating another pathway for attackers to execute remote commands.
Users with vulnerable ASUS router models are at significant risk if these flaws remain unpatched, as they could lead to unauthorized control and potential data breaches.
ASUS strongly advises updating router firmware to the latest versions—3.0.0.4_386, 3.0.0.4_388, or 3.0.0.6_102—which include security fixes to mitigate these threats. Keeping firmware up to date is essential for ensuring device and network security.
For users unable to update immediately, ASUS recommends these steps:
- Set Strong Passwords: Use unique, complex passwords with at least 10 characters, including numbers, symbols, and mixed-case letters, for your network and router admin page.
- Enable AiCloud Protection: Ensure the AiCloud service is password-protected to block unauthorized access.
- Disable Unused Services: Turn off features like remote access, port forwarding, DDNS, VPN server, DMZ, and FTP when not needed.
ASUS stresses the importance of regularly updating router firmware and maintaining secure settings. Users should frequently check their device configurations and report security issues via ASUS’s vulnerability disclosure page.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment