Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>
Idioma: En

ASUS Advises Patching Critical Security Bugs Impacting Multiple Router Models

ASUS, the Taiwanese tech giant, took a significant step by releasing firmware updates designed to tackle a series of security vulnerabilities that impact various models of their routers.

A total of nine security flaws were identified, with two considered Critical and six rated as High in severity, while one vulnerability is still awaiting analysis.

Related Articles

The list of affected products encompasses a range of models, including GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.

ASUS has emphasized the importance of updating these routers to safeguard against potential security breaches.

Among the top-priority fixes are CVE-2018-1160 and CVE-2022-26376, both of which score an impressive 9.8 out of 10 on the CVSS scoring system.

CVE-2018-1160 deals with a nearly five-year-old out-of-bounds write bug found in pre-3.1.12 versions of Netatalk, posing a risk of arbitrary code execution by remote, unauthenticated attackers.

CVE-2022-26376, on the other hand, involves a memory corruption vulnerability within the Asuswrt firmware, which could be exploited through specially-crafted HTTP requests.

The remaining seven vulnerabilities are as follows:

  • CVE-2022-35401 (CVSS score: 8.1): An authentication bypass flaw that allows attackers to gain full administrative access to the device by sending malicious HTTP requests.
  • CVE-2022-38105 (CVSS score: 7.5): Data disclosure vulnerability enabling access to sensitive data by sending specially-crafted network packets.
  • CVE-2022-38393 (CVSS score: 7.5): A denial-of-service (DoS) vulnerability triggered by sending a specially-crafted network packet.
  • CVE-2022-46871 (CVSS score: 8.8): The usage of an outdated libusrsctp library, potentially exposing targeted devices to further attacks.
  • CVE-2023-28702 (CVSS score: 8.8): A command injection flaw exploitable by a local attacker to execute unauthorized system commands, disrupt services, or terminate operations.
  • CVE-2023-28703 (CVSS score: 7.2): A stack-based buffer overflow vulnerability that, when abused by an attacker with admin privileges, can execute unauthorized system commands, disrupt services, or terminate operations.
  • CVE-2023-31195 (CVSS score: N/A): An adversary-in-the-middle (AitM) flaw that may lead to the hijacking of a user’s session.

ASUS strongly advises users to promptly apply the latest firmware updates to mitigate potential security risks.

As a temporary workaround, they suggest disabling services accessible from the WAN side to minimize the chances of unwanted intrusions. These services include remote access from WAN, DDNS, port forwarding, DMZ, VPN server, and port trigger. Additionally, ASUS encourages customers to regularly audit their equipment and establish separate passwords for the wireless network and the router administration page.



This post first appeared on , please read the originial post: here

Share the post

ASUS Advises Patching Critical Security Bugs Impacting Multiple Router Models

×

Subscribe to

Get updates delivered right to your inbox!

Thank you for your subscription

×