Asus patches three routers vulnerable to critical remote code execution flaw
2023-09-06 14:50 by Daniela
Tags: ASUS, RT-AX55, RT-AX56U, RT-AC86U
Three critical remote code execution vulnerabilities have been identified and patched in several popular Wi-Fi routers from the Taiwanese hardware maker Asus. The affected routers are the Asus RT-AX55, RT-AX56U_V2, and RT-AC86U.
The flaws, which all have a CVSS v3.1 score of 9.8 out of 10.0, are format string vulnerabilities that can be exploited remotely and without authentication, potentially allowing an attacker to execute code remotely, interrupt service, or perform arbitrary operations on the device.
The vulnerabilities, tracked as CVE-2023-39238, CVE-2023-39239 and CVE-2023-39240, were disclosed by Taiwan's Computer Emergency Response Team (CERT) earlier today and impact the Asus RT-AX55, RT-AX56U_V2, and RT-AC86U running firmware versions 220.127.116.11.386_50460, 18.104.22.168.386_50460, and 22.214.171.124_386_51529.
These three Wi-Fi routers are popular high-end models in the consumer networking market, favored by gamers and users with demanding performance needs, and are currently available on the ASUS website.
The recommended solution is to apply the following firmware updates:
ASUS released patches that address the three flaws in early August 2023 for RT-AX55, in May 2023 for AX56U_V2, and in July 2023 for RT-AC86U. Users who haven't applied security updates since then should consider their devices vulnerable to attacks and update as soon as possible.
As an added level of precaution, you can disable remote access to your router, if that's not a feature you ever plan on using anyway. You can accomplish this by going to Administration > Remote Access Config and flipping the Enable Web Access from WAN toggle to No.