InfoSecBulletin Cybersecurity for mankind
Asus has released a crucial firmware update to address a severe vulnerability that impacts seven of its business router model. Customers are urged to promptly review their firmware status and apply the necessary updates.
The flaw CVE: 2024-3080 with a CVSS score of 9.8 is an authentication bypass vulnerability that leads unauthenticated remote attackers take control of the device. The affected routers, a series of XT8 and RT models, should now be checked for firmware updates.
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
F5 Patches NGINX Flaw for Code Execution and DoS Attacks
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
New Rokarolla Android malware hits 217 banking and crypto apps
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion
Asus patches seven router models:
The models affected include the following Wi-Fi 5 and Wi-Fi 6 models: XT8 (ZenWiFi AX XT8), XT8_V2 (ZenWiFi AX XT8 V2), RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, and RT-AC68U.
You can find the newest Asus firmware on their download portals. If you can’t update right away, Asus has given instructions to help protect your device. They recommend using strong passwords and disabling certain access options.
Asus has fixed another vulnerability in the update package called CVE-2024-3079. This vulnerability is a buffer overflow issue that requires admin account access to be exploited. Its severity is high, with a CVSS score of 7.2
In January, ASUS fixed a serious vulnerability (CVE-2024-3912, CVSS score: 9.8) that could allow a remote attacker to upload files and run commands on the device without authentication.
