Three critical remote code execution vulnerabilities in ASUS routers potentially allow attackers to hijack the network devices.
ASUS routers RT-AX55, RT-AX56U_V2, and RT-AC86U are affected by three critical remote code execution vulnerabilities that can potentially allow threat actors to take over the devices.
The three vulnerabilities were reported by the Taiwanese CERT, below are their descriptions:
- CVE-2023-39238 (CVSS 9.8): ASUS RT-AX55, RT-AX56U_V2 and RT-AC86U iperf-related modules set_iperf3_svr.cgi API has a format string vulnerability. This function does not properly verify the input format string. A remote, unauthenticated attacker can exploit the flaw to gain remote code execution to perform arbitrary operations on the device or interrupt service.
- CVE-2023-39239 (CVSS 9.8): ASUS RT-AX55, RT-AX56U_V2 and RT-AC86U have a format string vulnerability in the API of the general setting function. This function does not properly verify the input format string. A remote, unauthenticated attacker can exploit this vulnerability to gain remote code execution, perform arbitrary operations on devices or interrupt services.
- CVE-2023-39240 (CVSS 9.8): ASUS RT-AX55, RT-AX56U_V2 and RT-AC86U iperf-related modules set_iperf3_cli.cgi API has a format string vulnerability. This function does not properly verify the input format string. Remote attackers can exploit it without permission. This vulnerability allows remote code execution to perform arbitrary operations on the device or interrupt service.
Attackers can trigger the above issues by providing specially crafted input to certain administrative API functions on the devices.
The flaws impact firmware versions 3.0.0.4.386_50460, 3.0.0.4.386_50460, and 3.0.0.4_386_51529 of the RT-AX55, RT-AX56U_V2, and RT-AC86U ASUS routers.
The vendor states that the following firmware versions address the vulnerabilities:
The vendor urges customers to apply security updates as soon as possible.
ASUS recommends turning off the remote administration (WAN Web Access) feature as a workaround.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, routers)
Pierluigi Paganini Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.