ASUS Issues Critical Firmware Update For 19 Router Models, Update ASAP

asus publishes security advisory and new firmware for 19 routers
Earlier this week, ASUS pushed a firmware update for 19 of the company’s routers which fixed nine different CVEs and enhanced security across the board. While updating your routers, ASUS also recommends that owners disable services accessible from the WAN side, such as port forwarding, DDNS, VPN, DMZ, and port triggering, to “avoid potential unwanted intrusions.”

Of the vulnerabilities listed in ASUS report, at least two are rated at 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS) scale. The first and eldest is CVE-2018-1160, with a bug in Netatalk allowing an out-of-bounds write, which an attacker can leverage to get code execution on the router. The second is CVE-2022-26376, a memory corruption vulnerability that can be triggered with a “specially crafted HTTP request” and yield potential code execution or information leakage.

Of course, those were more generalized vulnerabilities, and there are many others to be concerned about if you have the afflicted router model. For example, CVE-2022-35401 is an authentication bypass vulnerability wherein an attacker could gain full administrative access to an Asus RT-AX82U. Thus, if you have an ASUS router, it is time to take a look to see if yours is up to date. To do so, you can find your router model and click any of the corresponding links below.

Affected ASUS Routers
GT6
GT-AXE16000

GT-AXE16000
GT-AXE11000 PRO GT-AXE11000 GT-AX6000
GT-AX11000 GS-AX5400  GS-AX3000 ZenWiFi XT9 ZenWiFi XT8
ZenWiFi XT8_V2 RT-AX86U PRO RT-AX86U  RT-AX86S RT-AX82U
RT-AX58U  RT-AX3000  TUF-AX6000   TUF-AX5400  

With this update, ASUS “strongly encourage[s] you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected.” This includes updating your router to the latest firmware as it becomes available, having separate passwords for wireless networks and router administration pages, and enabling ASUS AiProtection, if supported, to help with all this and general network security.

At the end of the day, routers are a juicy target for threat actors looking to build up a botnet while minimizing detection. This is exactly what we have seen in the past with the MooBot/Mirai botnet, which turned D-Link routers into botnet slaves late last year. Hopefully, this will not happen with ASUS routers, but update now regardless and protect your devices.