Asus patches serious security flaw across multiple routers — update now if you have any of these models

Update your Asus router now

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Asus has rolled out a critical firmware update to patch a severe vulnerability affecting seven of itsbusiness routermodels, urging customers and users to check their firmware status and apply the update accordingly.

The flaw, identified as CVE-2024-3080 with a VCSS v3.1 score of 9.8, is an authentication bypass vulnerability that allows unauthenticated remote attackers to gain control of the device.

The affected routers, a series of XT8 and RT models, should now be checked for firmware updates in order to prevent unwarranted access and to ensure optimal protection.

Asus patches seven router models

The models affected include the following Wi-Fi 5 and Wi-Fi 6 models: XT8 (ZenWiFi AX XT8), XT8_V2 (ZenWiFi AX XT8 V2), RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, and RT-AC68U.

The latest Asus firmware versions are available on its download portals; however, for users unable to update immediately, Asus has also provided a set of instructions and guidance to improve protection, noting users should opt for strong passwords and disable internet access to the admin panel, remote access from WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger.

In the same update package, Asus also addresses CVE-2024-3079, a high-severity buffer overflow vulnerability that requires admin account access to exploit. It was awarded a CVSS score of 7.2.

Yet another vulnerability, tracked as CVE-2024-3912, has been identified. With a CVSS score of 9.8, it allows unauthenticated remote attackers to execute system commands. However, not all routers will be eligible for the update due to end-of-life status.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Though the company’s routers often make it into the news for security fixes and firmware updates, it’s clear that the company remains committed to protecting its users in a timely manner. However, with sunsetted devices no longer receiving updates, this news serves as an important reminder not only to ensure that firmware and software updates are applied in due time, but that users replace their devices regularly in order to keep up with an evolving tech and threat landscape.

More from TechRadar Pro

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

I’ve used Genmoji and now I’m convinced Apple Intelligence will be a huge success