It's a good idea to periodically check for firmware updates for all of your hardware devices, especially in this era of the Internet of Things (IoT). We could go on a whole tangent about the
state of security affairs within the IoT industry, but will save that for another time. For now, we encourage to check if your wireless router is running the latest firmware, particularly if you own an ASUS model.
ASUS is pushing out updates for at least three popular Wi-Fi router models, those being the RT-AC86U (AC2900), RT-AX56U (AX1800), and RT-AX55 (AX1800). The latter two are Wi-Fi 6 (802.11ax) routers, while the first one is a Wi-Fi 5 (802.11ac) model. The MSRPs on these models range from $89.99 to $149.99
All three are vulnerable to a set of format string security flaws, each with a Common Vulnerability Scoring System (CVSS) rating of 9.8 out 10. That puts the flaws squarely into 'Critical' territory. Hackers with the proper know-how can exploit each one remotely and then run arbitrary operations and/or interrupt service.
Here are the three flaws as outlined by Taiwan's CERT website...
In each case, the affected router models fail to properly verify the input format string in various API modules. These kinds of verification issues can let malicious text slip through, so essentially a remote attacker could run code without your authorization and do all kinds of bad things from there, including the installation of malware and data theft.
Fortunately, ASUS has issued firmware updates for all three models. You can find them at the following links...
We're not seeing the 51948 firmware update for the RT-AX56U, though it's possible that the Taiwan CERT website meant to indicate the 51665 release, which is the most recent firmware update we're seeing. Also note that there's an even newer 52041 release for the RT-AX55, which you might as apply (you don't have to install firmware updates in order, just skip to the latest version).
As an added level of precaution, you can disable remote access to your router, if that's not a feature you ever plan on using anyway. You can accomplish this by going to Administration > Remote Access Config and flipping the Enable Web Access from WAN toggle to No.