ASUS WiFi Routers Vulnerable to OS Command Injection Attacks
CVE-2024-1655

8.8HIGH

Key Information:

Vendor: Asus
Status: Expertwifi Ebm63; Expertwifi Ebm68; Rt-ax57 Go
Vendor: CVE Published:; 15 April 2024

What is CVE-2024-1655?

ASUS WiFi routers are susceptible to an OS Command Injection vulnerability that enables an authenticated remote attacker to execute arbitrary system commands. This is achieved by sending specially crafted requests that exploit this security weakness. The vulnerability poses a significant risk to users as it allows for unauthorized access to the system, potentially leading to further exploitation of the devices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ExpertWiFi EBM63 earlier < 3.0.0.6.102_32645

ExpertWiFi EBM68 earlier < 3.0.0.6.102_44384

RT-AX57 Go earlier < 3.0.0.6.102_22188

References

https://www.twcert.org.tw/tw/cp-132-7737-1acd0-1.html

third-party-advisory

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2024
Vulnerability Reserved
Feb 20, 2024

JSON

Asus

What is CVE-2024-1655?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.