ASUS Routers Vulnerable to Arbitrary Firmware Upload Attack
CVE-2024-3912

9.8CRITICAL

Key Information:

Vendor

Asus
Status
Dsl-n17u
Dsl-n55u C1
Dsl-n55u D1
Dsl-n66u
Vendor
CVE Published:
14 June 2024

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2024-3912?

ASUS routers are susceptible to an arbitrary firmware upload vulnerability that could allow an unauthenticated remote attacker to exploit the device. By leveraging this vulnerability, attackers may execute arbitrary system commands, potentially gaining control over the affected device. Users of ASUS routers are encouraged to apply security updates and follow best practices to mitigate the risk associated with this vulnerability. Ensure the latest firmware is installed to protect against unauthorized access and maintain overall device security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DSL-AC51 earlier < 1.1.2.3_999

DSL-AC52 All

DSL-AC52U earlier < 1.1.2.3_999

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-3912
Created by H4rk3nz0

References

https://www.twcert.org.tw/tw/cp-132-7875-872d3-1.html
third-party-advisory
https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.