The critical vulnerability tracked as CVE-2024-3080 affects the following Asus router models:
These models are impacted by the authentication bypass flaw, which allows unauthenticated remote attackers to gain control of the affected devices6. Asus has released firmware updates for these models to address the vulnerability.
The CVE-2024-3079 vulnerability and the CVE-2024-3080 vulnerability are both critical issues found in certain Asus router models. However, they differ in terms of the access they grant to hackers.
CVE-2024-3079 is a buffer overflow vulnerability that allows remote hackers who already have administrative access to an affected router to execute commands1. This means that the hacker must first obtain administrative access to exploit this vulnerability. The impact of this vulnerability is limited by the fact that it requires this initial access.
On the other hand, CVE-2024-3080 is an authentication bypass flaw. This vulnerability allows remote attackers to log into a device without any authentication. This is a more serious issue because it allows an attacker to gain initial access to the device without any prerequisites. The severity rating for this vulnerability is 9.8 out of 10, reflecting its potential impact.
In summary, while both vulnerabilities can lead to command execution, CVE-2024-3079 requires the attacker to already have administrative access, while CVE-2024-3080 allows the attacker to bypass authentication and gain initial access to the device.
The severity rating assigned to the CVE-2024-3080 vulnerability by the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) is 9.8 out of 10. This vulnerability is an authentication bypass flaw that allows remote attackers to log into a device without authentication1.