A critical vulnerability in ASUS ZenWiFi XT8 routers, identified as CVE-2024-3080, has been actively exploited in a record-breaking distributed denial-of-service (DDoS) attack. This flaw, which carries a CVSS score of 9.8, allows unauthenticated remote attackers to bypass authentication mechanisms and gain access to the device. The vulnerability, published on June 14, 2024, is categorized under CWE-287, indicating an authentication bypass issue.
The exploitation of this vulnerability has led to one of the largest DDoS attacks recorded, leveraging the compromised routers to amplify traffic and overwhelm target networks. The attack highlights the severe impact such vulnerabilities can have when left unpatched, especially in widely used consumer devices like the ASUS ZenWiFi XT8.
The Exploit Prediction Scoring System (EPSS) for this vulnerability is 0.537, suggesting a moderate likelihood of exploitation, which has been realized in this case. Security teams are advised to prioritize addressing this flaw, as indicated by the Security Severity Vulnerability Classification (SSVC) rating of 'attend.'
ASUS has yet to release a patch for this vulnerability, leaving affected devices exposed to potential exploitation. Network administrators and users of the ASUS ZenWiFi XT8 are urged to implement mitigations such as disabling remote management features and monitoring network traffic for unusual activity until a fix is available. Immediate action is crucial to prevent further exploitation and mitigate the risk of additional attacks.
CSURFACE