Taiwanese computer hardware manufacturer Asus has released critical firmware updates for its WiFi router product lines to address security vulnerabilities. The company warns users about the potential risk of remote code execution attacks and advises taking immediate action.
Vulnerabilities and Fixes: Asus has identified at least nine security defects and multiple weaknesses in its routers that could lead to code execution, denial-of-service, information disclosure, and authentication bypasses. One of the most severe vulnerabilities, with a CVSS severity rating of 9.8/10, dates back to 2018 and exposes routers to code execution attacks.
The specific vulnerability, known as CVE-2018-1160, involves a memory corruption issue in Netatalk before version 3.1.12. According to the advisory, the lack of bounds checking on attacker-controlled data enables remote unauthenticated attackers to execute arbitrary code.
In addition, Asus has addressed CVE-2022-26376 (CVSS 9.8/10), a memory corruption vulnerability in the httpd unescape functionality of Asuswrt prior to version 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to version 386.7. This vulnerability can be triggered by a specially-crafted HTTP request, leading to memory corruption.
Affected Routers and Recommendations: Asus has provided a list of affected WiFi routers, including models such as Asus GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.
To mitigate the risks, Asus advises users who choose not to install the new firmware version to disable services accessible from the WAN side. This includes remote access from WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger. The company strongly recommends periodically auditing both equipment and security procedures to enhance protection against malware attacks targeting router infrastructure. Users are also urged to update their routers to the latest firmware and set up separate passwords for wireless networks and router-administration pages.
Conclusion: Asus has taken swift action by releasing urgent firmware updates to address security vulnerabilities in its WiFi routers. Users are encouraged to promptly install the updates and follow the recommended security measures to safeguard their router infrastructure and protect against potential attacks.
Comments
Post a Comment