ASUS Routers Vulnerabilities Allows Arbitrary Code Execution

ASUS, a leading networking equipment manufacturer, has issued a critical security advisory for several router models.

The company has identified injection and execution vulnerabilities in certain firmware series that could allow authenticated attackers to trigger command execution through the ASUS router AiCloud feature.

The vulnerabilities CVE-2024-12912 and CVE-2024-13062 affect routers running firmware versions 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102.

If exploited, these flaws could enable authenticated administrators to execute arbitrary commands on the affected devices over the network, potentially compromising the security of entire home or business networks.

ASUS has released firmware updates for the affected series in response to these security risks. The company strongly urges all users to update their routers immediately to the latest firmware version available for their specific model.

To mitigate the risk, ASUS recommends users take the following steps:

Update router firmware promptly when new versions become available. Users can find the latest firmware on the ASUS support page or their product’s specific page on the ASUS website.
Implement strong, unique passwords for both the wireless network and router administration page. Passwords should be at least 10 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols.
Enable password protection within the AiCloud service.
For users unable to update immediately or those with end-of-life routers running 3.0.0.4_382 firmware, ASUS advises:
– Ensuring both login and WiFi passwords are strong
– Disabling services accessible from the internet, such as remote access, port forwarding, DDNS, VPN server, DMZ, and FTP
Regularly check and update security procedures and equipment.

ASUS emphasizes avoiding sequential numbers or letters in passwords, such as “1234567890” or “abcdefghij”.

This security advisory highlights the ongoing challenges in router security and the critical need for users to stay vigilant about firmware updates and best security practices.

As IoT devices become increasingly prevalent in homes and businesses, maintaining up-to-date firmware and strong security configurations is essential to protect against potential cyber threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Rajashekar Yasani

Rajashekar Yasani is a seasoned Cloud Security Engineer with extensive experience in cybersecurity research. As a security researcher, Rajashekar shares practical insights to help organizations enhance their security posture in an ever-evolving digital landscape.