ASUS Routers at Risk Due to Two Command Injection Flaws

ASUS has issued a security advisory warning users of critical vulnerabilities affecting several router models. Two flaws, tracked as CVE-2024-12912 and CVE-2024-13062, could allow attackers to execute arbitrary commands on vulnerable devices.

“Injection and execution vulnerabilities in certain ASUS router firmware series that allow authenticated attackers to trigger command execution have been identified in ASUS router AiCloud,” ASUS stated in their advisory. Both vulnerabilities have a CVSS score of 7.2, indicating a high severity level.

ASUS is urging users to immediately update their routers to the latest firmware version (3.0.0.4_386, 3.0.0.4_388, or 3.0.0.6_102 series) to patch these flaws. “We encourage you to do this when new firmware becomes available,” the advisory emphasizes. Users can download the necessary updates from the ASUS support website or their product page.

For those unable to update immediately, ASUS recommends several mitigation steps:

• Strong Passwords: Use different passwords for your wireless network and router-administration page. Use passwords that have at least 10 characters, with a mix of capital letters, numbers and symbols.
• AiCloud Protection: Enable password protection within the AiCloud service.
• Disable External Services: Disable any services accessible from the internet, such as remote access, port forwarding, DDNS, VPN server, DMZ, and FTP.

These vulnerabilities highlight the importance of regular security updates and robust password practices. ASUS reminds users to “check your equipment and security procedures regularly, as this will make you safer.”

For detailed information and download links, please refer to the official ASUS security advisory.

Related Posts:

Source:
https://securityonline.info/cve-2024-12912-cve-2024-13062-asus-routers-at-risk/