Asus, the Taiwanese computer hardware manufacturer, released urgent firmware updates on Monday to address multiple security vulnerabilities in its WiFi router product lines. The company warned users of the potential risk of remote code execution attacks. The advisory from Asus detailed at least nine security flaws and numerous weaknesses that could lead to code execution, denial-of-service, information disclosure, and authentication bypasses.
The most severe of these vulnerabilities is a highly critical bug that dates back to 2018, carries a CVSS severity rating of 9.8/10, and leaves routers susceptible to code execution attacks. This vulnerability, identified as CVE-2018-1160, is a memory corruption issue in Netatalk before 3.1.12. The advisory states, “This is due to lack of bounds checking on attacker-controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.”
The firmware update from Asus also addresses CVE-2022-26376 (CVSS 9.8/10), a memory corruption vulnerability in the httpd unescape functionality of Asuswrt prior to 184.108.40.206.386_48706 and Asuswrt-Merlin New Gen prior to 386.7. According to Asus, “A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.”
Asus, which has faced security issues in the past, listed the affected WiFi routers as Asus GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400. The company advised, “If you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.”
Asus also strongly recommends that users “periodically audit both your equipment and your security procedures” to protect against an increasing number of malware attacks targeting router infrastructure. The company urged users to “Update your router to the latest firmware. We strongly recommend that you do so as soon as new firmware is released,” and to establish separate passwords for wireless networks and router-administration pages.