Asus patches serious security flaw across multiple routers — update now if you have any of these models

User use a computer laptop to connect to wifi in hotel, but wifi password is incorrect. Working and waiting to loading digital data form website, concept technology of waiting for connect to Wi-Fi.
(Image credit: ParinPix via Shutterstock)

Asus has rolled out a critical firmware update to patch a severe vulnerability affecting seven of its business router models, urging customers and users to check their firmware status and apply the update accordingly.

The flaw, identified as CVE-2024-3080 with a VCSS v3.1 score of 9.8, is an authentication bypass vulnerability that allows unauthenticated remote attackers to gain control of the device.

The affected routers, a series of XT8 and RT models, should now be checked for firmware updates in order to prevent unwarranted access and to ensure optimal protection.

Asus patches seven router models

The models affected include the following Wi-Fi 5 and Wi-Fi 6 models: XT8 (ZenWiFi AX XT8), XT8_V2 (ZenWiFi AX XT8 V2), RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, and RT-AC68U.

The latest Asus firmware versions are available on its download portals; however, for users unable to update immediately, Asus has also provided a set of instructions and guidance to improve protection, noting users should opt for strong passwords and disable internet access to the admin panel, remote access from WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger.

In the same update package, Asus also addresses CVE-2024-3079, a high-severity buffer overflow vulnerability that requires admin account access to exploit. It was awarded a CVSS score of 7.2.

Yet another vulnerability, tracked as CVE-2024-3912, has been identified. With a CVSS score of 9.8, it allows unauthenticated remote attackers to execute system commands. However, not all routers will be eligible for the update due to end-of-life status.

Though the company’s routers often make it into the news for security fixes and firmware updates, it’s clear that the company remains committed to protecting its users in a timely manner. However, with sunsetted devices no longer receiving updates, this news serves as an important reminder not only to ensure that firmware and software updates are applied in due time, but that users replace their devices regularly in order to keep up with an evolving tech and threat landscape. 

More from TechRadar Pro

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!