Asus Issues Security Updates for Nine Router Vulnerabilities
To fix urgent security flaws in its WiFi router product lines, Asus released firmware updates. Attackers might be able to use the vulnerabilities to run programs, conduct denial-of-service assaults, and reveal confidential data.
The 2018 vulnerability with the highest severity score has a CVSS severity rating of 9.8/10. This denotes that it is extremely crucial and might give attackers full control of a vulnerable router.
The bug, designated CVE-2018-1160, is a memory corruption flaw in Netatalk versions prior to 3.1.12. “Attacker-controlled data did not have bounds checking”, which is the cause of this. The advisory states that a remote, unauthenticated attacker can take advantage of this vulnerability to execute arbitrary code.
Additionally, CVE-2022-26376 (CVSS 9.8/10), a memory corruption flaw in the httpd unescape feature of Asuswrt earlier than 188.8.131.52.386_48706 and Asuswrt-Merlin New Gen earlier than 386.7, is patched by the Asus firmware upgrade.
Our Readers ALSO READGigabyte Motherboards Found to Have Backdoor Functionality, Posing Security Risks
The company, which has struggled with security problems in the past, listed, listed the affected WiFi routers as Asus GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400 and TUF-AX5400. The company released a statement advising its users,
If you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.
Additionally, Asus is adamantly advising its users to “periodically audit both your equipment and your security procedures” in order to fend off a wave of malware attacks aimed against router infrastructure.
The company advised its users to, update their routers to the latest firmware. They strongly recommend that users should do it as soon as new firmware is released.