InfoSecBulletin Cybersecurity for mankind
ASUS released a new firmware update to fix a vulnerability affecting seven router models, which could be exploited by remote attackers to log in to the devices.
The vulnerability CVE-2024-3080 (CVSS v3.1 score: 9.8 “critical”) is an authentication bypass flaw. It enables remote attackers without authentication to control the device.
Check Point said BreachForum post old data
Apple Warns of 3 Zero Day Vulns Actively Exploited
24,000 unique IP attempted to access Palo Alto GlobalProtect portals
CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
ASUS says the issue impacts the following router models:
XT8 (ZenWiFi AX XT8) – Mesh WiFi 6 system with fast speeds up to 6600 Mbps, support for AiMesh, advanced security, seamless roaming, and parental controls.
XT8_V2 (ZenWiFi AX XT8 V2) – Updated version of the XT8, maintaining similar features with enhancements in performance and stability.
RT-AX88U – High-speed router with 8 LAN ports, advanced security features, and optimized gaming and streaming performance.
RT-AX58U – Dual-band WiFi 6 router with fast 3000 Mbps speeds, AiMesh support, advanced security features, and hassle-free multi-device connectivity.
RT-AX57 – Dual-band WiFi 6 router for basic usage purposes, providing speeds of up to 3000 Mbps, with AiMesh support and essential parental controls.
RT-AC86U – Dual-band WiFi 5 router with high speeds, security features, and enhanced gaming capabilities.
RT-AC68U – Dual-band WiFi 5 router offering up to 1900 Mbps, with AiMesh support, AiProtection, and robust parental controls.
ASUS recommends updating your device to the latest firmware version. Instructions are available on this FAQ page.
Taiwan’s CERT recently warned about a critical vulnerability called CVE-2024-3912 that allows attackers to upload firmware and execute system commands on the device without authentication.
