ASUS Router User? Patch ASAP!
Or junk it if EOL: Two nasty vulnerabilities need an updateβpronto.
The post ASUS Router User? Patch ASAP! appeared first on Security Boulevard.
Or junk it if EOL: Two nasty vulnerabilities need an updateβpronto.
The post ASUS Router User? Patch ASAP! appeared first on Security Boulevard.
Hardware manufacturer Asus has released updates patching multiple critical vulnerabilities that allow hackers to remotely take control of a range of router models with no authentication or interaction required of end users.
The most critical vulnerability, tracked as CVE-2024-3080 is an authentication bypass flaw that can allow remote attackers to log into a device without authentication. The vulnerability, according to the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC), carries a severity rating of 9.8 out of 10. Asus said the vulnerability affects the following routers:
A second vulnerability tracked as CVE-2024-3079 affects the same router models. It stems from a buffer overflow flaw and allows remote hackers who have already obtained administrative access to an affected router to execute commands.
Daft name, serious risk: Kit from ActionTec and Sagemcom remotely ruined and required replacement.
The post βPumpkin Eclipseβ β 600,000+ Rural ISP Routers Bricked Beyond Repair appeared first on Security Boulevard.