CVE-2024-0401

HIGH

ASUS ExpertWiFi and RT Series < 3.0.0.6.102_44544 - Authenticated Remote Code Execution via Crafted OVPN Profile

Title source: llm

Description

ASUS routers that support custom OpenVPN profiles contain a code execution vulnerability. A remote, authenticated attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile. Known affected routers include ASUS ExpertWiFi, ASUS RT-AX55, ASUS RT-AX58U, ASUS RT-AC67U, ASUS RT-AC68R, ASUS RT-AC68U, ASUS RT-AX86, ASUS RT-AC86U, ASUS RT-AX88U, and ASUS RT-AX3000.

References (1)

Core References
Third Party Advisory
https://vulncheck.com/advisories/asus-ovpn-rce

Scores

CVSS v3 7.2
EPSS 0.0312
EPSS Percentile 87.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (10)
ASUS/ExpertWiFi < 3.0.0.6.102_44544
ASUS/RT-AC67U < 3.0.0.4.386_51685
ASUS/RT-AC68R < 3.0.0.4.386_51685
ASUS/RT-AC68U < 3.0.0.4.386_51685
ASUS/RT-AC86U < 3.0.0.4.386_51925
ASUS/RT-AX3000 < 3.0.0.4.388_24762
ASUS/RT-AX55 < 3.0.0.4.386_52303
ASUS/RT-AX58U < 3.0.0.4.388_24762
ASUS/RT-AX86 Series < 3.0.0.4.388_24243
ASUS/RT-AX88U < 3.0.0.4.388_24209
Published May 20, 2024
Tracked Since Feb 18, 2026