Saturday, May 31, 2025
HomeCVE/vulnerabilityASUS Critical Vulnerabilities Let Attackers Execute Arbitrary Commands

ASUS Critical Vulnerabilities Let Attackers Execute Arbitrary Commands

Published on

SIEM as a Service

Follow Us on Google News

In a recent security advisory, ASUS has alerted users to critical vulnerabilities affecting several of its router models. 

These flaws, tracked as CVE-2024-12912 and CVE-2024-13062, pose severe risks by allowing attackers to execute arbitrary commands on compromised devices. ASUS has advised users to act immediately by updating their routers to stay protected.

About the Vulnerabilities

The two vulnerabilities are linked to the router firmware’s AiCloud feature. According to ASUS, these “injection and execution vulnerabilities” can allow authenticated attackers to trigger remote command execution.

- Advertisement - Google News

Both flaws have been assigned a CVSS (Common Vulnerability Scoring System) score of 7.2, categorizing them as high severity.

CVE Details:

  1. CVE-2024-12912: This vulnerability exploits a lack of validation in the AiCloud service, enabling attackers to execute arbitrary commands.
  2. CVE-2024-13062: This allows a similarly dangerous attack vector through improperly sanitized input.

Users of vulnerable ASUS router models are at risk if these flaws are left unpatched.

To address these vulnerabilities, ASUS has urged users to quickly update their router firmware. The latest versions—3.0.0.4_386, 3.0.0.4_388, or 3.0.0.6_102 series—contain fixes that mitigate the risks.

For users who cannot immediately apply the updates, ASUS recommends the following mitigation practices:

  • Use Strong Passwords: Set unique, complex passwords for both your wireless network and router administration page. Passwords should include at least 10 characters with a mix of numbers, symbols, and uppercase/lowercase letters.
  • Enable AiCloud Password Protection: Ensure password protection is enabled within the AiCloud service to prevent unauthorized access.
  • Disable External Services: Turn off internet-facing features like remote access, port forwarding, DDNS, VPN server, DMZ, and FTP when not in use.

This advisory emphasizes the critical importance of regularly updating router firmware and following strong security practices.

ASUS advises customers to frequently check their device settings and ensure all features are configured securely. The company encourages users to report any product-related security concerns through its dedicated vulnerability disclosure page.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments

A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra...

Threat Actors Exploit Google Apps Script to Host Phishing Sites

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages...

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated...

Beware: Weaponized AI Tool Installers Infect Devices with Ransomware

Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments

A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra...

Threat Actors Exploit Google Apps Script to Host Phishing Sites

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages...

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated...