ASUS Routers Vulnerable to Arbitrary Firmware Upload Attack
CVE-2024-3912

9.8CRITICAL

Key Information:

Vendor: Asus
Status: Dsl-n17u; Dsl-n55u C1; Dsl-n55u D1; Dsl-n66u
Vendor: CVE Published:; 14 June 2024

Summary

ASUS routers are susceptible to an arbitrary firmware upload vulnerability that could allow an unauthenticated remote attacker to exploit the device. By leveraging this vulnerability, attackers may execute arbitrary system commands, potentially gaining control over the affected device. Users of ASUS routers are encouraged to apply security updates and follow best practices to mitigate the risk associated with this vulnerability. Ensure the latest firmware is installed to protect against unauthorized access and maintain overall device security.

Affected Version(s)

DSL-AC51 earlier < 1.1.2.3_999

DSL-AC52 All

DSL-AC52U earlier < 1.1.2.3_999

References

https://www.twcert.org.tw/tw/cp-132-7875-872d3-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Apr 17, 2024