CVE-2024-13062
Published: 02 January 2025
Description
An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. Refer to the ' 01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.
Security Summary
CVE-2024-13062 is an unintended entry point vulnerability identified in certain ASUS router models, specifically impacting the AiCloud feature. This flaw may allow for arbitrary command execution and is linked to CWE-77 (Command Injection) and CWE-912 (Hidden Functionality). Published on January 2, 2025, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
The vulnerability can be exploited over the network by attackers with high privileges, such as authenticated administrative users, requiring low complexity and no user interaction. Successful exploitation enables arbitrary command execution on the router, resulting in high confidentiality, integrity, and availability impacts, potentially leading to full device compromise.
Mitigation details are outlined in the ASUS Product Security Advisory, particularly the "01/02/2025 ASUS Router AiCloud vulnerability" section, accessible at https://www.asus.com/content/asus-product-security-advisory/. Security practitioners should consult this advisory for affected models, patches, and recommended actions.
Details
- CWE(s)