ASUS, a prominent maker of networking devices, has released a crucial security warning concerning various router models.
A number of vulnerabilities in specific firmware versions have been discovered by the company, offering opportunities for injection and execution. These flaws, found in certain firmware series, could let authenticated attackers initiate command execution through the ASUS router AiCloud function.
The weaknesses labeled CVE-2024-12912 and CVE-2024-13062 impact routers that operate on firmware versions 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102.
If taken advantage of, these vulnerabilities could give authorized administrators the ability to run diverse commands on the influenced devices through the network, potentially jeopardizing the overall security of residential or commercial networks.
To address these security hazards, ASUS has issued firmware updates for the impacted series. For this reason, the firm strongly urges all users to promptly upgrade their routers to the newest firmware version accessible for their specific model.
To minimize the risk, ASUS suggests users adhere to the following guidelines:
- Ensure they regularly update the router firmware whenever new versions are released. The latest firmware can be found on the ASUS support page or the product’s unique page on the ASUS website.
- Establish robust, distinct passwords for both the wireless network and router administration section. Passwords should consist of a minimum of 10 characters, encompassing a blend of uppercase and lowercase letters, numerals, and symbols.
- Activate password protection within the AiCloud service.
- For users who can’t perform an immediate update or those possessing outdated routers on the 3.0.0.4_382 firmware, ASUS suggests:
– Confirm that both the login and WiFi passwords are robust
– Turn off services that are reachable from the internet like remote access, port forwarding, DDNS, VPN server, DMZ, and FTP - Routinely monitor and enhance security protocols and devices.
ASUS stresses the need to avoid passwords containing sequential numbers or letters, such as “1234567890” or “abcdefghij”.
This security advisory underscores the continuing struggle in router security and the crucial importance for users to remain vigilant regarding firmware updates and top security practices.
With the escalating prevalence of IoT devices in residences and workplaces, maintaining up-to-date firmware and robust security measures is vital to defend against potential cyber threats.
The article ASUS Routers Vulnerabilities Allows Arbitrary Code Execution was first published on Cyber Security News.