Pierluigi Paganini June 20, 2023

ASUS addressed critical vulnerabilities in multiple router models, urging customers to immediately install firmware updates.

ASUS is warning customers to update some router models to the latest firmware to address critical vulnerabilities.

The impacted models are GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.

The firmware released by the company addressed nine vulnerabilities, including CVE-2023-28702, CVE-2023-28703, CVE-2023-31195, CVE-2022-46871, CVE-2022-38105, CVE-2022-35401, CVE-2018-1160, CVE-2022-38393, and CVE-2022-26376.

The most severe vulnerabilities are two critical issues, below are their descriptions:

• CVE-2022-26376 is a memory corruption vulnerability that resides in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7. An attacker can trigger the issue by sending a specially-crafted HTTP request to impacted routers leading to memory corruption.
• CVE-2018-1160 is an out-of-bounds write issue that resides in dsi_opensess.c. The issue impacts Netatalk before 3.1.12 and stems from the lack of bounds checking on attacker-controlled data. A remote, unauthenticated attacker can trigger the issue to execute arbitrary code on vulnerable devices.

“We strongly encourage you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected.” reads the advisory published by ASUS. “Update your router to the latest firmware. We strongly recommend that you do so as soon as new firmware is released.”

“Please note, if you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.” ASUS added.

In case customers cannot immediately install the updates, Asus recommends disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.

The vendor also recommends creating distinct, strong passwords for the wireless network and router administration pages.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, backdoor)