CATEGORIES
home IT Infrastructure Security

ASUS Issues Critical Firmware Update For 19 Router Models, Update ASAP

by Nathan OrdWednesday, June 21, 2023, 03:30 PM EDT
asus publishes security advisory and new firmware for 19 routers
Earlier this week, ASUS pushed a firmware update for 19 of the company’s routers which fixed nine different CVEs and enhanced security across the board. While updating your routers, ASUS also recommends that owners disable services accessible from the WAN side, such as port forwarding, DDNS, VPN, DMZ, and port triggering, to “avoid potential unwanted intrusions.”

Of the vulnerabilities listed in ASUS report, at least two are rated at 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS) scale. The first and eldest is CVE-2018-1160, with a bug in Netatalk allowing an out-of-bounds write, which an attacker can leverage to get code execution on the router. The second is CVE-2022-26376, a memory corruption vulnerability that can be triggered with a “specially crafted HTTP request” and yield potential code execution or information leakage.

Of course, those were more generalized vulnerabilities, and there are many others to be concerned about if you have the afflicted router model. For example, CVE-2022-35401 is an authentication bypass vulnerability wherein an attacker could gain full administrative access to an Asus RT-AX82U. Thus, if you have an ASUS router, it is time to take a look to see if yours is up to date. To do so, you can find your router model and click any of the corresponding links below.

Affected ASUS Routers
GT6
GT-AXE16000

GT-AXE16000		 GT-AXE11000 PRO GT-AXE11000 GT-AX6000
GT-AX11000 GS-AX5400  GS-AX3000 ZenWiFi XT9 ZenWiFi XT8
ZenWiFi XT8_V2 RT-AX86U PRO RT-AX86U  RT-AX86S RT-AX82U
RT-AX58U  RT-AX3000  TUF-AX6000   TUF-AX5400  

With this update, ASUS “strongly encourage[s] you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected.” This includes updating your router to the latest firmware as it becomes available, having separate passwords for wireless networks and router administration pages, and enabling ASUS AiProtection, if supported, to help with all this and general network security.

At the end of the day, routers are a juicy target for threat actors looking to build up a botnet while minimizing detection. This is exactly what we have seen in the past with the MooBot/Mirai botnet, which turned D-Link routers into botnet slaves late last year. Hopefully, this will not happen with ASUS routers, but update now regardless and protect your devices.
Tags:  Asus, security, Router, cybersecurity
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment