ASUS has announced a raft of firmware updates to fix critical vulnerabilities found in a number of router devices.
The firm revealed that nine security vulnerabilities were discovered in networking appliances - two of which were rated as ‘critical’ with six designated as ‘high’ risk.
Tracked as CVE-2018-1160 and CVE-2022-26376, the two critical vulnerabilities were given a 9.8 severity rating out of a possible 10, the company said.
Analysis shows that the former of these pertains to an out of bounds write bug found in Netatalk prior to version 3.1.12. This near-five-year-old vulnerability could enable an unauthorised party to achieve arbitrary code execution.
Meanwhile, CVE-2022-26376 is a memory corruption vulnerability found in Asuswrt and Asuswrt-Merlin New Gen firmware. This flaw could allow an attacker to trigger this vulnerability by leveraging a “specially-crafted HTTP” request, which would cause memory corruption.
Nearly 20 router models have been affected by disclosed vulnerabilities, ASUS revealed.
These include:
- GT6
- GT-AXE16000
- GT-AX11000 PRO
- GT-AXE11000
- GT-AX6000
- GT-AX11000
- GS-AX5400
- GS-AX3000
- XT9
- XT8
- XT8 V2
- RT-AX86U PRO
- RT-AX86U
- RT-AX86S
- RT-AX82U
- RT-AX58U
- RT-AX3000
- TUF-AX6000
- TUF-AX5400.
In its security advisory on 19 June, ASUS urged customers to patch affected routers as soon as possible to avoid risk of exposure.
The firm warned that customers choosing not to install new firmware updates should disable services accessible from via WAN to “avoid potential unwanted intrusions”.
“These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger,” ASUS said.
The company also recommended frequent auditing of equipment to ensure firmware is up to date and to mitigate risk.
“We strongly encourage you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected,” the firm said.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Looking for a new mini PC? The ASUS NUC 15 Pro+ is a productivity powerhouse – it’s quieter than previous models, AI-enabled, and is very compactNews ASUS’ tiny desktop device is aimed at power users and those with upgrades in mind
-
Asus Zenbook S14 (2024) review: Putting Intel's new Core Ultra CPUs to the testReviews Intel's Lunar Lake tech lets it down on multi-threaded performance but makes up for it with single-core and GPU speeds – plus excellent battery life
-
Asus ProArt PX13 review: An exceptional device for power users and creatives on the goReviews Packing cutting-edge components into a compact chassis, the Asus ProArt PX13 might be the ultimate Windows laptop for creatives on the move
-
Asus Zenbook S16 (UM5606) review: A stunning showcase for AMD's new AI techReviews With impressive all-round performance and an excellent OLED screen, the new Zenbook S16 delivers fantastic value for business and creative pros
-
Asus Vivobook S15 Copilot+ PC review: The Snapdragon X Elite goes mainstreamReviews Cutting-edge hardware and a fantastic screen make this a strong Copilot+ PC, even if the design is low on flair
-
Asus Vivobook S16 (S5606) Review: An outstanding 16-inch lightweight OLED laptopReviews The sublime 3.2K 120Hz OLED display is the cherry on top of this excellent ultrabook, boasting the latest Intel silicon, good connectivity and solid battery life.
-
Asus Chromebook Enterprise Flip CB5 review: A big-screen Chromebook built for businessReviews Good design, strong ergonomics, impressive performance, and a bigger screen make this a brilliant, business-ready Chromebook for long working days
-
Asus Vivobook Pro 15 OLED (N6506) Review: A high-quality all-rounder for a reasonable priceReviews With a potent Nvidia GPU and superb 120Hz OLED display, the new Vivobook Pro is a superb do-it-all laptop that won't break the bank
