Multitude of ASUS routers face a severe security threat due to a critical flaw
In the digital age, corporate stakeholders are increasingly focused on understanding the risk calculus of their technology stacks. A recent development in this regard is the discovery of a critical vulnerability in ASUS routers, designated as CVE-2024-3080. This flaw, affecting popular models such as ZenWiFi XT8 and RT-AX88U, poses significant security risks to edge devices connected through these routers.
The vulnerability, with a CVSS score of 9.8, indicates a high severity. It allows a remote attacker to bypass authentication and gain login access, potentially exploiting the flaw actively in the wild. Cloudflare reported high-bitrate attacks using a botnet of infected ASUS routers, posing a threat to edge devices and edge networks.
ASUS addressed the issue by releasing security patches in June 2025, fully addressing the vulnerability and related issues in their router firmware. The company issued a security advisory on June 14, recommending customers to upgrade their firmware or apply mitigation steps if an upgrade is not possible.
Researchers at Censys have identified a critical vulnerability in at least 147,000 ASUS routers. While no current indications of active exploitation or a proof of concept for the ASUS vulnerability have been found, the potential impact is significant. Edge devices, including ASUS routers, have become frequent targets of malicious attacks in recent years.
The ASUS vulnerability fits into the larger picture of security concerns around small office/home office (SOHO) and edge devices. These devices, often overlooked in security discussions, can be recruited into botnets or serve as initial access vectors or pivot points into an organization's network. State-linked threat groups, such as Volt Typhoon, have exploited vulnerabilities in edge devices since 2023 to conduct reconnaissance and other malicious activity, raising questions about the overall security of edge devices.
The evolving role of Chief Information Security Officers (CISOs) involves better understanding and managing the risk calculus of technology stacks. The question on many corporate stakeholders' minds is: Are we a target? The ASUS vulnerability serves as a reminder of the importance of prompt firmware updates and vigilant security measures for edge devices.
While the ASUS vulnerability has been addressed, the potential impact and the ongoing security concerns around edge devices highlight the need for continued vigilance and proactive measures in cybersecurity. Users are strongly advised to update their ASUS router firmware immediately to mitigate potential exploitation and secure their devices.
Cybersecurity professionals must remain vigilant towards the evolving threat landscape, given the recently discovered critical vulnerability, CVE-2024-3080, in ASUS routers. This vulnerability, with a high severity score, can allow for remote attacker access, potentially exploiting the flaw in the wild. Furthermore, in the data-and-cloud-computing arena, understanding and managing the risk calculus of technology stacks, including edge devices like ASUS routers, is paramount for effective cybersecurity.
