Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-3080 — Improper Authentication in Rt-ac68u

CWE-287 — Improper Authentication6 documents6 sources

Severity

9.8CRITICALNVD

EPSS

53.7%

top 2.00%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Asus Rt-ac68u Asus Rt-ac86u Asus Rt-ax57 +4 more

Timeline

PublishedJun 14

Latest updateApr 9

Description

Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5asus/rt-ax57earlier — 3.0.0.4.386_52294

▶CVEListV5asus/rt-ac68uearlier — 3.0.0.4.386_51668

▶CVEListV5asus/rt-ac86uearlier — 3.0.0.4.386_51915

▶CVEListV5asus/rt-ax58uearlier — 3.0.0.4.388_23925

▶CVEListV5asus/rt-ax88uearlier — 3.0.0.4.388_24198

🔴Vulnerability Details

GHSA

GHSA-6c6m-p94j-g86j: Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device↗2024-06-14

▶

CVEList

ASUS Router - Improper Authentication↗2024-06-14

▶

VulnCheck

ASUS Router Authentication Bypass Vulnerability↗2024

▶

💥Exploits & PoCs

Nuclei

ASUS DSL-AC88U - Authentication Bypass

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS ASUS DSL-AC88U Authentication Bypass Attempt (CVE-2024-3080)↗2025-04-09

▶