Nearly 150,000 Asus routers potentially exposed to critical vulnerability
At least 147,000 Asus routers are potentially exposed to a critical vulnerability, which can allow a remote attacker to bypass authentication and gain login access, according to researchers at Censys.
Asus issued a security advisory on 14 June recommending customers upgrade their firmware or apply mitigation steps if the upgrade was not possible.
The improper authentication vulnerability, listed as CVE-2024-3080, has a CVSS score of 9.8.
The Asus vulnerability raises more questions about the overall security of edge devices, which have become frequent targets of malicious attacks in recent years.
“While this particular vulnerability is specific to Asus devices, it fits into the larger picture of security concerns around [small office/home office] and edge devices,” Emily Austin, principal security researcher at Censys, said via e-mail. “These devices can be recruited into botnets or serve as initial access vectors or pivot points into an organisation’s network.”
A number of state-linked threat groups, including Volt Typhoon, have exploited vulnerabilities in these devices since 2023 to conduct reconnaissance and other malicious activity.
In some cases, botnets have used edge devices to threaten US critical infrastructure.
Censys researchers said there are no current indications of active exploitation or a proof of concept. However, Censys said the number of exposed routers was likely underestimated and may get revised upward within days.