InfoSecBulletin Cybersecurity for mankind
Asus has released a crucial firmware update to address a severe vulnerability that impacts seven of its business router model. Customers are urged to promptly review their firmware status and apply the necessary updates.
The flaw CVE: 2024-3080 with a CVSS score of 9.8 is an authentication bypass vulnerability that leads unauthenticated remote attackers take control of the device. The affected routers, a series of XT8 and RT models, should now be checked for firmware updates.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
Asus patches seven router models:
The models affected include the following Wi-Fi 5 and Wi-Fi 6 models: XT8 (ZenWiFi AX XT8), XT8_V2 (ZenWiFi AX XT8 V2), RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, and RT-AC68U.
You can find the newest Asus firmware on their download portals. If you can’t update right away, Asus has given instructions to help protect your device. They recommend using strong passwords and disabling certain access options.
Asus has fixed another vulnerability in the update package called CVE-2024-3079. This vulnerability is a buffer overflow issue that requires admin account access to be exploited. Its severity is high, with a CVSS score of 7.2
In January, ASUS fixed a serious vulnerability (CVE-2024-3912, CVSS score: 9.8) that could allow a remote attacker to upload files and run commands on the device without authentication.
