In a recent security advisory, ASUS has alerted users to critical vulnerabilities affecting several of its router models.
These flaws, tracked as CVE-2024-12912 and CVE-2024-13062, pose severe risks by allowing attackers to execute arbitrary commands on compromised devices. ASUS has advised users to act immediately by updating their routers to stay protected.
The two vulnerabilities are linked to the router firmware’s AiCloud feature. According to ASUS, these “injection and execution vulnerabilities” can allow authenticated attackers to trigger remote command execution.
Both flaws have been assigned a CVSS (Common Vulnerability Scoring System) score of 7.2, categorizing them as high severity.
CVE Details:
Users of vulnerable ASUS router models are at risk if these flaws are left unpatched.
To address these vulnerabilities, ASUS has urged users to quickly update their router firmware. The latest versions—3.0.0.4_386, 3.0.0.4_388, or 3.0.0.6_102 series—contain fixes that mitigate the risks.
For users who cannot immediately apply the updates, ASUS recommends the following mitigation practices:
This advisory emphasizes the critical importance of regularly updating router firmware and following strong security practices.
ASUS advises customers to frequently check their device settings and ensure all features are configured securely. The company encourages users to report any product-related security concerns through its dedicated vulnerability disclosure page.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free
Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across several…
A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products, including…
The 2025 Third-Party Breach Report from Black Kite highlights a staggering 123% surge in ransomware…
Penetration testing is still essential for upholding strong security procedures in a time when cybersecurity…
A newly identified advanced persistent threat (APT) campaign, dubbed "Swan Vector" by Seqrite Labs, has…
Threat actors have successfully exploited the widely-used open-source password manager, KeePass, to spread malware and…