Cyber Posture

CVE-2024-12912

High

Published: 02 January 2025

Modified: 15 April 2026
CVSS Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (32.1th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Description

An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.

Security Summary

CVE-2024-12912 is an improper input insertion vulnerability (CWE-20, CWE-77) affecting AiCloud on certain ASUS router models. Published on January 2, 2025, this flaw allows for arbitrary command execution due to inadequate validation of user-supplied input. The vulnerability carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Attackers can exploit this vulnerability over the network with low attack complexity and without user interaction, provided they already hold high privileges, such as administrative access to the router (PR:H). Successful exploitation enables arbitrary command execution, resulting in high impacts to confidentiality, integrity, and availability on the targeted device.

The ASUS Product Security Advisory provides further details, including mitigation guidance, in the '01/02/2025 ASUS Router AiCloud vulnerability' section, accessible at https://www.asus.com/content/asus-product-security-advisory/.

Details

CWE(s)
CWE-20, CWE-77
