CVE-2024-3080

Name of the Vulnerable Software and Affected Versions: ASUS router models (affected versions not specified)

Description: The issue is related to an authentication bypass vulnerability in certain ASUS router models, allowing unauthenticated remote attackers to log in to the device. This vulnerability has been exploited in real-world incidents, including a record-breaking 3.8 Tbps DDoS attack that lasted 65 seconds. The attack was likely caused by a botnet of infected ASUS routers. It is estimated that over 147,000 ASUS routers are potentially vulnerable due to this issue. The vulnerability is associated with deficiencies in the authentication procedure.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.