CVE-2024-3080

CRITICAL EXPLOITED NUCLEI

ASUS ZenWiFi XT8, XT8 V2, RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, RT-AC68U - Unauthenticated Authentication Bypass

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-3080 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device.

Nuclei Templates (1)

ASUS DSL-AC88U - Authentication Bypass
CRITICALby ritikchaddha

References (2)

Core 2
Core References
Various Sources third-party-advisory
https://www.twcert.org.tw/tw/cp-132-7859-0e104-1.html
Various Sources third-party-advisory
https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html

Scores

CVSS v3 9.8
EPSS 0.4157
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2024-10-04
CWE
CWE-287
Status published
Products (7)
ASUS/RT-AC68U earlier - 3.0.0.4.386_51668
ASUS/RT-AC86U earlier - 3.0.0.4.386_51915
ASUS/RT-AX57 earlier - 3.0.0.4.386_52294
ASUS/RT-AX58U earlier - 3.0.0.4.388_23925
ASUS/RT-AX88U earlier - 3.0.0.4.388_24198
ASUS/ZenWiFi XT8 earlier - 3.0.0.4.388_24609
ASUS/ZenWiFi XT8 V2 earlier - 3.0.0.4.388_24609
Published Jun 14, 2024
Tracked Since Feb 18, 2026