ASUS has rolled out a new set of firmware updates to address critical vulnerabilities in its several router models. The company published a security advisory yesterday recommending customers to apply the security patches or restrict WAS access.
Specifically, the latest firmware updates aim to fix two critical vulnerabilities with a 9.8 severity rating out of 10. Tracked as CVE-2018-1160, the first flaw could enable threat actors to gain arbitrary code execution. Meanwhile, the second vulnerability (CVE-2022-26376) could be triggered with a “specially-crafted HTTP” request that leads to memory corruption.
According to ASUS, the security flaws have impacted around 20 router models. The list includes GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.
ASUS advises customers to urgently patch vulnerable WiFi routers
ASUS has urged customers to patch all affected router models to prevent hackers from gaining unauthorized access. However, people who are not yet ready to install the updates should disable services accessible through WAN.
“If you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger,” ASUS explained.
It’s highly recommended that customers should regularly audit their network equipment to mitigate potential security risks. The company also suggests setting up separate passwords for the router admin panel and the wireless network. We invite you to check out this support article for more details about firmware updates for your specific model.