Description
A critical vulnerability has been identified in certain ASUS router models, which involves an authentication bypass issue. This vulnerability allows unauthenticated remote attackers to log into the device.
Affected Product(s)
- ASUS DSL-AC51 (versions before 1.1.2.3_999)
- ASUS DSL-AC52U (versions before 1.1.2.3_999)
Technical Details
ASUS routers, widely known for their advanced features and robust performance, have recently been flagged for a critical vulnerability, CVE-2024-3080.
This vulnerability pertains to an improper authentication mechanism that facilitates unauthorized access to the routers. It specifically impacts the DSL-AC51 and DSL-AC52U models, both of which are popular among consumers and small businesses for their reliable internet connectivity.
The identified vulnerability exploits a flaw in the authentication process of these routers. Typically, a secure login process should validate user credentials correctly before granting access. However, due to flaws in the implementation, the security measures can be bypassed, allowing attackers to gain access without proper authentication. This bypass can be initiated remotely, making it a significant threat given the widespread usage of these models in residential and business environments.
According to HKCERT’s advisory, the authentication bypass can be triggered using crafted requests that manipulate the login functions of the router firmware. These manipulations exploit insufficient validation in the router’s code, effectively enabling adversaries to circumvent the login screen and gain administrative control over the affected routers.
With administrative access, attackers have the ability to alter configurations, monitor network traffic, inject malicious firmware, and perform other nefarious activities. These compromises can potentially lead to data theft, the spread of malware across connected devices, and even full network intrusion. Further probing by security researchers indicates a pattern of similar bypass issues across multiple router models and firmware versions.
Unpatched systems are particularly vulnerable, and given the nature of networked environments, once a single router is compromised, the threat can easily propagate across an entire network. The threat actors behind such exploits often target known vulnerabilities in popular devices like ASUS routers. They scan for exposed devices over the internet, and upon identifying potential victims, deploy automated scripts to exploit these vulnerabilities.
This automated exploitation increases the risk as it can affect a large number of devices in a short span. The National Vulnerability Database (NVD) lists CVE-2024-3080 with a CVSS score of 9.8, reflecting the severity and the critical need for immediate remediation. Users and administrators are urged to upgrade their router firmware to mitigate this risk. Details regarding the fix have been released by CERT-HK and other security advisories. In addition to firmware updates, it is recommended to change default credentials, disable remote management if unnecessary, and monitor network logs for any unusual activities.
In conclusion, CVE-2024-3080 represents a significant threat due to the widespread use of the affected ASUS router models and the ease with which this authentication bypass can be exploited. Vigilance and prompt action are essential to safeguard network integrity and prevent unauthorized access.
Weakness
The associated weakness with this vulnerability is improper authentication, classified under CWE-287. This weakness describes scenarios where an application improperly authenticates users, allowing potential attackers to bypass security checks and gain unauthorized access.
Impact Assessment
If exploited, this vulnerability could allow an attacker to gain unauthorized access to sensitive data or execute arbitrary code on the affected system, leading to potential data breaches, network disruptions, and further exploitation of connected devices.
Active Exploitation
We have observed activity from adversary groups exploiting this particular vulnerability. ASUS has issued warnings about the latest authentication bypass vulnerability detected across seven router models. This highlights the scale and severity of the issue.
Ransomware Association
The vulnerability has been linked to ransomware attacks. Attackers exploit this vulnerability to gain initial access to the system, which is then used to deploy ransomware, locking users out of their network and demanding payment for restoring access.
Mitigation and Resolution
We have released a patch that addresses this vulnerability. Please update to version 1.1.2.3_999 or later immediately. This patch includes necessary fixes to the authentication mechanism, ensuring robust security against unauthorized access.
Recommendations
- We strongly recommend that all customers apply the latest patch as soon as possible.
- Change default login credentials immediately after updating the firmware.
- Disable remote management features if they are not needed.
- Regularly monitor network logs for any unusual activities.
- Keep all devices on the network updated with the latest security patches.
- Implement network segmentation to limit the spread of an attack.
ย Referencesย
- HKCERT Security Bulletin
- CVE MITRE Details
- NVD Details
- TWCERT Security Update 1
- TWCERT Security Update 2