CVE-2024-3080

Summary

Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device.

Affected Software

VendorProductVersion RangeStatus
ASUSZenWiFi XT8earlier <= 3.0.0.4.388_24609affected
ASUSZenWiFi XT8 V2earlier <= 3.0.0.4.388_24609affected
ASUSRT-AX88Uearlier <= 3.0.0.4.388_24198affected
ASUSRT-AX58Uearlier <= 3.0.0.4.388_23925affected
ASUSRT-AX57earlier <= 3.0.0.4.386_52294affected
ASUSRT-AC86Uearlier <= 3.0.0.4.386_51915affected
ASUSRT-AC68Uearlier <= 3.0.0.4.386_51668affected

Weaknesses

  • CWE-287: CWE-287: Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References