CVE-2024-3912

Summary

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.

Affected Software

VendorProductVersion RangeStatus
ASUSDSL-N17Uearlier < 1.1.2.3_792affected
ASUSDSL-N55U_C1earlier < 1.1.2.3_792affected
ASUSDSL-N55U_D1earlier < 1.1.2.3_792affected
ASUSDSL-N66Uearlier < 1.1.2.3_792affected
ASUSDSL-N12U_C1earlier < 1.1.2.3_807affected
ASUSDSL-N12U_D1earlier < 1.1.2.3_807affected
ASUSDSL-N14Uearlier < 1.1.2.3_807affected
ASUSDSL-N14U_B1earlier < 1.1.2.3_807affected
ASUSDSL-N16earlier < 1.1.2.3_999affected
ASUSDSL-AC51earlier < 1.1.2.3_999affected
ASUSDSL-AC750earlier < 1.1.2.3_999affected
ASUSDSL-AC52Uearlier < 1.1.2.3_999affected
ASUSDSL-AC55Uearlier < 1.1.2.3_999affected
ASUSDSL-AC56Uearlier < 1.1.2.3_999affected
ASUSDSL-N10_C1Allaffected
ASUSDSL-N10_D1Allaffected
ASUSDSL-N10P_C1Allaffected
ASUSDSL-N12E_C1Allaffected
ASUSDSL-N16PAllaffected
ASUSDSL-N16UAllaffected
ASUSDSL-AC52Allaffected
ASUSDSL-AC55Allaffected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References