Unintended Entry Point Vulnerability in ASUS Routers
CVE-2024-13062

7.2HIGH

Key Information:

Vendor: Asus
Status: Router
Vendor: CVE Published:; 2 January 2025

Summary

An unintended entry point has been found in various ASUS router models, potentially enabling arbitrary command execution. This vulnerability can be exploited by an attacker to execute commands on the device, which poses a serious risk to network integrity and security. Users are encouraged to check for firmware updates and apply security patches as advised in the ASUS Security Advisory to mitigate potential risks.

Affected Version(s)

Router 3.0.0.4_382 series

Router 3.0.0.4_386 series

Router 3.0.0.4_388 series

References

https://www.asus.com/content/asus-product-security-advisory/

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Dec 31, 2024