CVE-2024-3912

CRITICAL

ASUS Router - RCE

Title source: llm

Description

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.

Exploits (1)

nomisec WORKING POC

by H4rk3nz0 · poc

https://github.com/H4rk3nz0/CVE-2024-3912

View Code ZIP pw:eip

References (2)

[Various Sources] https://www.twcert.org.tw/en/cp-139-7876-396bd-2.html

[Various Sources] https://www.twcert.org.tw/tw/cp-132-7875-872d3-1.html

Scores

CVSS v3 9.8

EPSS 0.0393

EPSS Percentile 88.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (22)

ASUS/DSL-AC51 earlier - 1.1.2.3_999

ASUS/DSL-AC52 All

ASUS/DSL-AC52U earlier - 1.1.2.3_999

ASUS/DSL-AC55 All

ASUS/DSL-AC55U earlier - 1.1.2.3_999

ASUS/DSL-AC56U earlier - 1.1.2.3_999

ASUS/DSL-AC750 earlier - 1.1.2.3_999

ASUS/DSL-N10_C1 All

ASUS/DSL-N10_D1 All

ASUS/DSL-N10P_C1 All

... and 12 more

Published Jun 14, 2024

Tracked Since Feb 18, 2026