ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities.
The impacted models are GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.
The firmware released by the company addressed nine vulnerabilities, including CVE-2023-28702, CVE-2023-28703, CVE-2023-31195, CVE-2022-46871, CVE-2022-38105, CVE-2022-35401, CVE-2018-1160, CVE-2022-38393, and CVE-2022-26376.
The most severe of these vulnerabilities are two critical issues; their descriptions are below:
“We strongly encourage you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected,” reads the advisory published by ASUS. “Update your router to the latest firmware. We strongly recommend that you do so as soon as new firmware is released.”
“Please note, if you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.” ASUS added.
If customers cannot install the updates immediately, ASUS recommends disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger.
The vendor also recommends creating distinct, strong passwords for the wireless network and router administration pages.