Skip to content
Censys Search Teams: Industry-leading internet intelligence for growing security teams and organizations | Learn More

June 20: Improper Authentication Vulnerability in ASUS Routers

Update, June 21, 2024: As of Friday afternoon ET, we see just over 157k ASUS router models potentially affected by CVE-2024-3080, with the majority in the United States, followed by Hong Kong and China. We are still unaware of a proof of concept or exploitation of this vulnerability.

Issue Name and Description: Improper Authentication Vulnerability in ASUS Routers

Date Published: June 14, 2024

CVE-ID and CVSS Score: CVE-2024-3080; CVSS Score: 9.8 (Critical)

CWE: CWE-287 Improper Authentication

Asset Description: The vulnerability impacts multiple ASUS router models, including:

  • ZenWiFi XT8 version and earlier
  • ZenWiFi XT8 version V2 and earlier
  • RT-AX88U version and earlier
  • RT-AX58U version and earlier
  • RT-AX57 version and earlier
  • RT-AC86U version and earlier
  • RT-AC68U version and earlier

Vulnerability Impact: This vulnerability allows an unauthenticated remote attacker to bypass authentication and login to the device.

Exploitation Details: We are currently unaware of a proof of concept or exploitation of this vulnerability.

Patch Availability: ASUS has released firmware updates to address this vulnerability. Users are strongly advised to update their routers to the latest available firmware versions and can find more details here on ASUS’s security advisory site.

Global Footprint: As of this publication, Censys observes over 147k exposures of potentially vulnerable ASUS routers. We assess that this is likely an underestimation, as we recently improved our scanners for these devices. We expect to have a more comprehensive count in the next 24 hours.

Detection with Censys: The following queries can be used to identify all Censys-visible public-facing affected ASUS router models. Please note we cannot detect the firmware version running, or whether a device is vulnerable.



About the Author

The Censys Research Team
Attack Surface Management Solutions
Learn more