PT-2024-15528 · Asus · Asus Rt-Ax58U+8

Jacob Baines · Published 2024-05-20 · Updated 2024-05-22 · CVE-2024-0401

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ASUS ExpertWiFi version (affected versions not specified)
ASUS RT-AX55 version (affected versions not specified)
ASUS RT-AX58U version (affected versions not specified)
ASUS RT-AC67U version (affected versions not specified)
ASUS RT-AC68R version (affected versions not specified)
ASUS RT-AC68U version (affected versions not specified)
ASUS RT-AX86 version (affected versions not specified)
ASUS RT-AC86U version (affected versions not specified)
ASUS RT-AX88U version (affected versions not specified)
ASUS RT-AX3000 version (affected versions not specified)

Description

The issue is a code execution vulnerability affecting ASUS routers that support custom OpenVPN profiles. A remote, authenticated attacker can execute arbitrary operating system commands by uploading a crafted OVPN profile.

Recommendations

For all affected ASUS router models, consider disabling custom OpenVPN profile support until a patch is available. Restrict access to the OVPN profile upload feature to minimize the risk of exploitation. Avoid using the custom OpenVPN profile feature in the affected routers until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2024-0401

Affected Products

Asus Expertwifi
Asus Rt-Ac67U
Asus Rt-Ac68U
Asus Rt-Ac86U
Asus Rt-Ax3000
Asus Rt-Ax55
Asus Rt-Ax58U
Asus Rt-Ax86
Asus Rt-Ax88U