Critical Flaw Turns ASUS Routers Into Hacking Targets
ASUS has rushed out new firmware to patch a devastating vulnerability in its popular AiCloud utility that scored a critical 9.8 on the CVSS scale, allowing unauthenticated remote attackers to execute arbitrary code on affected devices. Owners of numerous high-end ASUS routers must immediately apply the update to secure their home network perimeter.
ASUS has swiftly released urgent firmware updates targeting a critical vulnerability discovered within its popular AiCloud utility, a flaw so severe it threatens the integrity of millions of home networks utilizing the brand's high-performance routers.
The vulnerability, tracked as CVE-2024-30883, has received an alarming CVSS score of 9.8, placing it squarely in the 'Critical' category. The flaw allows unauthenticated remote command injection (RCI): bad actors could exploit it over the internet without needing any credentials and execute arbitrary code on the affected networking hardware.
The core issue resides within the AiCloud feature, designed to transform the router into a personal cloud storage hub by integrating internal network resources with external accessibility. This convergence, while convenient for users seeking private cloud functionality, severely expanded the attack surface of the network perimeter device. Network security analysts emphasize that when the router—the primary gateway for all traffic—is compromised, the entire internal network environment becomes vulnerable to surveillance and exploitation.
Researchers at The Shadowserver Foundation brought the issue to light, noting the flaw’s immense potential for widespread exploitation, particularly against widely deployed consumer models. The vulnerability impacts numerous high-end ASUS routers, including popular units from the RT-AC series often utilized by enthusiasts and small businesses as their primary connectivity backbone.
Immediate action is non-negotiable for administrators and home users utilizing these devices. ASUS has deployed patches across the affected product lines, fundamentally closing the RCI loophole. Users are strongly advised to update their router's firmware immediately through the administration interface. If an immediate update is not possible, security experts recommend disabling the AiCloud feature entirely until the necessary firmware can be applied, mitigating the immediate threat of remote exploitation.