Hey folks
PSA.
Lots of ASUS router critically vulnerable will need to replaced as a lot of models will not receive patches
Here is this article for more details
Feel free to discuss this below or similar vulnerabilities in ASUS routers.
Please also feel free to discuss potential oe your own solutions
Shameless Plug… Ever more reason to run your own pfsense 
we got guides on that
A number of these are likely compatible with open-wrt or dd-wrt, which is a good alternative to buying new hardware.
Pinning this for visibility.
If they can muster Merlins firmware or OpenWRT that would be the way to go
Dd-wrt has a lot of Vulnerabilities due to the sheer amount of packages that come with it
Damn, really? 
Sadge
Yeah but its also not marketed in a way that would suggest they are secure
Plus openwrt is configurable through lua
And merlin through bash
Ohhh, that’s a much more detailed post.
I’ll merge them tonight when I get home.
glad multiple people were on it
It got buried and the forum did not even tell me his post existed. Isnt it supposed to do that?
I’m not seeing my RT-AC 5300 on there, but wouldn’t be surprised if it is a part of this due to it being older. It’s currently running Merlin.
Gonna have to keep an eye on this. I remember a few a years back a list being updated over a few weeks when one of the Russian botnets that was taking over routers.
It happens
Rip yeah it does
Especially after the forum update. Nothing seems to be working right on mobile haha
Could you do me a favor and make a thread outlining your issues on mobile? I’d love to actually get to the bottom of this.
Yeah I can
Recent high severity flaw on asus routers which has severity rating of 9.8 out of 10. I’d update ASAP if you haven’t already.
Effects these below models(Per ArsTechnica):
| Model name | Support Site link |
|---|---|
| XT8 and XT8_V2 | ASUS ZenWiFi AX (XT8) - Support |
| RT-AX88U | https://www.asus.com/supportonly/RT-AX88U/helpdesk_bios/ |
| RT-AX58U | https://www.asus.com/supportonly/RT-AX58U/helpdesk_bios/ |
| RT-AX57 | https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax57/helpdesk_bios |
| RT-AC86U | https://www.asus.com/supportonly/RT-AC86U/helpdesk_bios/ |
| RT-AC68U | https://www.asus.com/supportonly/RT-AC68U/helpdesk_bios/ |
There is another CVE within the article as well. These appear to be mostly older models. See below:
| Model name | Support Site link |
|---|---|
| DSL-N12U_C1 | DSL-N12U_C1 - Support |
| DSL-N12U_D1 | DSL-N12U D1 - Support |
| DSL-N14U | DSL-N14U - Support |
| DSL-N14U_B1 | DSL-N14U B1 - Support |
| DSL-N16 | DSL-N16|Modem Routers|ASUS Global |
| DSL-N17U | DSL-N17U - Support |
| DSL-N55U_C1 | DSL-N55U_C1 - Support |
| DSL-N55U_D1 | DSL-N55U D1 - Support |
| DSL-N66U | DSL-N66U - Support |
| DSL-AC51/DSL-AC750 | DSL-AC51|Modem Routers|ASUS Global |
| DSL-AC52U | DSL-AC52U - Support |
| DSL-AC55U | DSL-AC55U|Modem Routers|ASUS Global |
| DSL-AC56U | DSL-AC56U - Support |
With these models having received updates(the others appear to be EOL and need to be replaced yesterday lol):
DSL-N10_C1
DSL-N10_D1
DSL-N10P_C1
DSL-N12E_C1
DSL-N16P
DSL-N16U
DSL-AC52
DSL-AC55
Source:
Edit: Added second CVE from the article.
Flash OpenWRT on it.
Thanks for the heads-up, I have this model ASUS router:
GT-AX11000 Pro
I’m still going to confirm it has the latest firmware installed.
It’s np man. I actually have the RT-AX58U and thankfully stay on top of CVE’s due to my work.
Interesting how the RT-AX86U isn’t affected. 
I think they have different CPU’s, but when I look at the ASUS specs they both appear to be pretty much the same on paper(exact CPU model is not shown just cores/freq)… Makes me wonder if the flaw is related to authentication and maybe a firmware level bug? I checked the below NIST and TWERT/CC sites for more details and it’s pretty barren on exact details. Honestly wouldn’t be shocked if more ASUS routers are susceptible to whatever the attack vector is or some flavor of it.
https://nvd.nist.gov/vuln/detail/CVE-2024-3080S
https://www.twcert.org.tw/en/cp-139-7860-760b1-2.html