ASUS Routers Vulnerable to Arbitrary Firmware Upload Attack
CVE-2024-3912

9.8CRITICAL

Key Information:

Vendor: Asus
Status: Dsl-n17u; Dsl-n55u C1; Dsl-n55u D1; Dsl-n66u
Vendor: CVE Published:; 14 June 2024

What is CVE-2024-3912?

ASUS routers are susceptible to an arbitrary firmware upload vulnerability that could allow an unauthenticated remote attacker to exploit the device. By leveraging this vulnerability, attackers may execute arbitrary system commands, potentially gaining control over the affected device. Users of ASUS routers are encouraged to apply security updates and follow best practices to mitigate the risk associated with this vulnerability. Ensure the latest firmware is installed to protect against unauthorized access and maintain overall device security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DSL-AC51 earlier < 1.1.2.3_999

DSL-AC52 All

DSL-AC52U earlier < 1.1.2.3_999

References

https://www.twcert.org.tw/tw/cp-132-7875-872d3-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html

third-party-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Apr 17, 2024

JSON

Asus

What is CVE-2024-3912?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.