| TVN ID | TVN-202406011 |
|---|---|
| CVE ID | CVE-2024-3912 |
| CVSS | 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Affected Products | DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66U, DSL-N14U, DSL-N14U_B1, DSL-N12U_C1, DSL-N12U_D1, DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56U |
| Description | Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device. |
| Solution | Update following models to version 1.1.2.3_792 or later:DSL-N17U, DSL-N55U_C1, DSL-N55U_D1, DSL-N66UUpdate following models to version 1.1.2.3_807 or later:DSL-N12U_C1, DSL-N12U_D1, DSL-N14U, DSL-N14U_B1 Update following models to version 1.1.2.3_999 or later:DSL-N16, DSL-AC51, DSL-AC750, DSL-AC52U, DSL-AC55U, DSL-AC56UThe following models are no longer maintained, and it is recommended to retire and replace them.DSL-N10_C1, DSL-N10_D1, DSL-N10P_C1, DSL-N12E_C1, ,DSL-N16P, DSL-N16U, DSL-AC52, DSL-AC55 If replacement is not possible in the short term, it is recommended to disable remote access (Web access from WAN), virtual servers (Port forwarding), DDNS, VPN server, DMZ, and port trigger. |
| Credit | Carlos Köpke (PLASMALABS) |
| Public Date | 2024-06-14 |
:::