ASUS has announced a raft of firmware updates to fix critical vulnerabilities found in a number of router devices.
The firm revealed that nine security vulnerabilities were discovered in networking appliances - two of which were rated as ‘critical’ with six designated as ‘high’ risk.
Tracked as CVE-2018-1160 and CVE-2022-26376, the two critical vulnerabilities were given a 9.8 severity rating out of a possible 10, the company said.
Analysis shows that the former of these pertains to an out of bounds write bug found in Netatalk prior to version 3.1.12. This near-five-year-old vulnerability could enable an unauthorised party to achieve arbitrary code execution.
Meanwhile, CVE-2022-26376 is a memory corruption vulnerability found in Asuswrt and Asuswrt-Merlin New Gen firmware. This flaw could allow an attacker to trigger this vulnerability by leveraging a “specially-crafted HTTP” request, which would cause memory corruption.
Nearly 20 router models have been affected by disclosed vulnerabilities, ASUS revealed.
These include:
- GT6
- GT-AXE16000
- GT-AX11000 PRO
- GT-AXE11000
- GT-AX6000
- GT-AX11000
- GS-AX5400
- GS-AX3000
- XT9
- XT8
- XT8 V2
- RT-AX86U PRO
- RT-AX86U
- RT-AX86S
- RT-AX82U
- RT-AX58U
- RT-AX3000
- TUF-AX6000
- TUF-AX5400.
In its security advisory on 19 June, ASUS urged customers to patch affected routers as soon as possible to avoid risk of exposure.
The firm warned that customers choosing not to install new firmware updates should disable services accessible from via WAN to “avoid potential unwanted intrusions”.
“These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger,” ASUS said.
The company also recommended frequent auditing of equipment to ensure firmware is up to date and to mitigate risk.
“We strongly encourage you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected,” the firm said.
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
The Asus ExpertBook P3 is a big-screen Copilot+ PC that gives you all-day working comfortReviews A brilliant big-screen business laptop with some foibles and one minor weakness – for all-day productivity, it's hard to beat
-
The Asus ProArt P16 is a first-class laptop for creative prosReviews With high-performance specs, a slick design, and a spectacular screen, this is a superb Windows device for serious creative work
-
Asus ZenScreen MB169CK review: Portable, cheap and usefulReviews A simple, affordable portable monitor with mostly sensible design and minimal frills – for the money, it's a good buy
-
Looking for a new mini PC? The ASUS NUC 15 Pro+ is a productivity powerhouse – it’s quieter than previous models, AI-enabled, and is very compactNews ASUS’ tiny desktop device is aimed at power users and those with upgrades in mind
-
Asus Zenbook S14 (2024) review: Putting Intel's new Core Ultra CPUs to the testReviews Intel's Lunar Lake tech lets it down on multi-threaded performance but makes up for it with single-core and GPU speeds – plus excellent battery life
-
Asus ProArt PX13 review: An exceptional device for power users and creatives on the goReviews Packing cutting-edge components into a compact chassis, the Asus ProArt PX13 might be the ultimate Windows laptop for creatives on the move
-
Asus Zenbook S16 (UM5606) review: A stunning showcase for AMD's new AI techReviews With impressive all-round performance and an excellent OLED screen, the new Zenbook S16 delivers fantastic value for business and creative pros
-
Asus Vivobook S15 Copilot+ PC review: The Snapdragon X Elite goes mainstreamReviews Cutting-edge hardware and a fantastic screen make this a strong Copilot+ PC, even if the design is low on flair
