Skip to content
New Ebook: Get your copy of the Unleash the Power of Censys Search Handbook today! | Download Now
Blogs

June 20: Improper Authentication Vulnerability in ASUS Routers

Update, June 21, 2024: As of Friday afternoon ET, we see just over 157k ASUS router models potentially affected by CVE-2024-3080, with the majority in the United States, followed by Hong Kong and China. We are still unaware of a proof of concept or exploitation of this vulnerability.

Issue Name and Description: Improper Authentication Vulnerability in ASUS Routers

Date Published: June 14, 2024

CVE-ID and CVSS Score: CVE-2024-3080; CVSS Score: 9.8 (Critical)

CWE: CWE-287 Improper Authentication

Asset Description: The vulnerability impacts multiple ASUS router models, including:

  • ZenWiFi XT8 version 3.0.0.4.388_24609 and earlier
  • ZenWiFi XT8 version V2 3.0.0.4.388_24609 and earlier
  • RT-AX88U version 3.0.0.4.388_24198 and earlier
  • RT-AX58U version 3.0.0.4.388_23925 and earlier
  • RT-AX57 version 3.0.0.4.386_52294 and earlier
  • RT-AC86U version 3.0.0.4.386_51915 and earlier
  • RT-AC68U version 3.0.0.4.386_51668 and earlier

Vulnerability Impact: This vulnerability allows an unauthenticated remote attacker to bypass authentication and login to the device.

Exploitation Details: We are currently unaware of a proof of concept or exploitation of this vulnerability.

Patch Availability: ASUS has released firmware updates to address this vulnerability. Users are strongly advised to update their routers to the latest available firmware versions and can find more details here on ASUS’s security advisory site.

Global Footprint: As of this publication, Censys observes over 147k exposures of potentially vulnerable ASUS routers. We assess that this is likely an underestimation, as we recently improved our scanners for these devices. We expect to have a more comprehensive count in the next 24 hours.

Detection with Censys: The following queries can be used to identify all Censys-visible public-facing affected ASUS router models. Please note we cannot detect the firmware version running, or whether a device is vulnerable.

References:

https://thehackernews.com/2024/06/asus-patches-critical-authentication.html
https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html

 

About the Author

The Censys Research Team
Attack Surface Management Solutions
Learn more