CVE-2024-28326 is a vulnerability identified in ASUS RT-N12+ B1 and RT-N12 D1 routers stemming from incorrect access control on the UART (Universal Asynchronous Receiver/Transmitter) interface. This vulnerability allows an attacker with local physical access to the device to obtain root terminal access without requiring authentication or user interaction. The UART interface is typically used for low-level device management and debugging, and improper access control here means an attacker can bypass normal security mechanisms to execute commands with root privileges. The vulnerability is categorized under CWE-1263, which relates to improper access control leading to privilege escalation. The CVSS 3.1 base score is 6.8, reflecting a medium severity with high impact on confidentiality, integrity, and availability, but limited by the requirement for local physical access (AV:P - Physical). No patches or exploits are currently known or published, but the risk remains significant due to the full control an attacker can gain. The lack of authentication and user interaction requirements makes this a straightforward attack once physical access is obtained. This vulnerability highlights the importance of securing hardware debug interfaces on network devices to prevent unauthorized root access.

The primary impact of CVE-2024-28326 is the complete compromise of affected ASUS routers, allowing attackers to gain root-level control. This can lead to unauthorized configuration changes, interception or manipulation of network traffic, installation of persistent malware, and disruption of network services. Confidentiality is at risk as attackers can access sensitive network data; integrity is compromised through potential unauthorized modifications; and availability can be affected by disabling or destabilizing the device. Organizations relying on these routers for critical network functions, including small businesses and home users, face risks of network breaches and lateral movement within their networks. The requirement for physical access limits remote exploitation but does not eliminate risk in environments where devices are accessible to untrusted personnel or attackers. The absence of known exploits in the wild suggests limited current exploitation but also indicates the need for proactive mitigation before attackers develop and deploy exploits.

1. Physically secure all ASUS RT-N12+ B1 and RT-N12 D1 routers to prevent unauthorized access to the UART interface, including placing devices in locked enclosures or restricted areas. 2. Where possible, disable the UART interface or restrict its access through hardware modifications or firmware settings to prevent unauthorized use. 3. Monitor physical access logs and network device tampering indicators to detect potential unauthorized access attempts. 4. Regularly audit network devices for unauthorized hardware modifications or suspicious behavior indicative of compromise. 5. Engage with ASUS support or security advisories to obtain patches or firmware updates once available and apply them promptly. 6. Consider replacing affected devices with models that have hardened hardware interfaces if physical security cannot be guaranteed. 7. Educate staff on the risks of physical access to network devices and enforce strict access control policies. 8. Implement network segmentation to limit the impact of compromised devices on broader network infrastructure.