icon

Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deak daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Buffalo, New York
United States

Current Threat Data

ASUS Router AiCloud Vulnerabilities

Summary:
ASUS has released security updates to address two high severity flaws impacting several of its router models. Tracked as CVE-2024-12912 and CVE-2024-13062, the bugs could enable authenticated attackers to execute commands through the ASUS AiCloud feature, a cloud-based service that allows users to remotely access, share, and manage their data stored on ASUS routers. Specifically, the vulnerabilities impact routers running firmware versions 3.0.0.4_386, 3.0.0.4_388, and 3.0.0.6_102. While ASUS did not mention whether these flaws are actively being exploited in attacks in the wild, the vendor recommends updating to the latest firmware releases as soon as possible. Please defer to the ASUS support page below to find the newest firmware for your device model:
https://www.asus.com/support/

Security Officer Comments:
While these vulnerabilities require administrative access for successful exploitation, attackers can gain entry through credential stuffing or brute-forcing attacks, exploiting weak or commonly used passwords. Once authenticated, attackers could execute malicious commands, effectively compromising the router and the network. This could grant them access to sensitive data, enable them to reconfigure settings, and even integrate the router into a botnet, using it as a launching pad for further attacks on other systems or networks.

Suggested Corrections:
To mitigate the risk, ASUS recommends users take the following steps:

  • Update router firmware promptly when new versions become available. Users can find the latest firmware on the ASUS support page or their product’s specific page on the ASUS website.
  • Implement strong, unique passwords for both the wireless network and router administration page. Passwords should be at least 10 characters long and include a mix of uppercase and lowercase letters, numbers, and symbols. ASUS emphasizes avoiding sequential numbers or letters in passwords, such as “1234567890” or “abcdefghij”.
  • Enable password protection within the AiCloud service.
  • For users unable to update immediately or those with end-of-life routers running 3.0.0.4_382 firmware, ASUS advises:– Ensuring both login and WiFi passwords are strong– Disabling services accessible from the internet, such as remote access, port forwarding, DDNS, VPN server, DMZ, and FTP

Link(s):
https://www.asus.com/content/asus-product-security-advisory/


https://cybersecuritynews.com/asus-router-vulnerabilities/

Contact Us for Threat Assistance
Back to Current Threats