Urian B., Tech Times

ASUS warns its users to patch their routers to deal with critical vulnerabilities. Multiple router models were reported to be affected, with Asus already launching a security update.

ASUS Urges Users to Get a Security Update for Multiple Routers

According to Bleeping Computer, ASUS has released new firmware with cumulative security updates that address vulnerabilities in many router models. Customers were warned to update their devices quickly or restrict wide area network (WAN) access until they were secured.

According to the company, the latest firmware will fix nine security issues, including those high and critical ones.

Most Severe Vulnerabilities Spotted Are CVE-2022-26376 and CVE-2018-1160

As Asus urged users to update their routers to the latest firmware, the company revealed that the most severe flaws were tracked as CVE-2022-26376 and CVE-2018-1160. 

It was noted that the first problem was a critical memory corruption weakness found in the Asuswrt firmware for Asus routers. It could allow attackers to trigger certain denial-of-service states or even gain code execution.

Other Critical Patch Can Also Cause the Same Amount of Damage

The second critical patch is for a nearly five-year-old CVE-2018-1160 bug reportedly caused by an out-of-bounds write Netatalk weakness. This issue 

could also be exploited to obtain arbitrary code execution on devices that are unpatched.

An ASUS advisory that was recently published said that for those who do not want to install the new firmware versions, they recommend disabling services that were accessible from the WAN side to avoid potential unwanted intrusions.

Read Also: Hackers Threaten Reddit with Data Leak and Ransom Demand Following Breach

ASUS Gives Additional Warnings and Advice to Users

Asus said they recommend disabling services, which include "remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger."

"We strongly encourage you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected," the company said in the advisory.

ASUS warned users of affected routers to immediately update them to the latest firmware available via the support website or each product's page.

List of Impacted ASUS Models

  • The ASUS GT6 router
  • The ASUS GT-AXE16000 router
  • The ASUS GT-AX11000 PRO router
  • The ASUS GT-AX6000 router
  • The ASUS GT-AX11000 router
  • The ASUS GS-AX5400 router
  • The ASUS GS-AX3000 router
  • The ASUS XT9 router
  • The ASUS XT8 router
  • The ASUS XT8 V2 router
  • The ASUS RT-AX86U PRO router
  • The ASUS RT-AX86U router
  • The ASUS RT-AX86S router
  • The ASUS RT-AX82U router
  • The ASUS RT-AX58U router
  • The ASUS RT-AX3000 router
  • The ASUS TUF-AX6000 router
  • The ASUS TUF-AX5400 router

ASUS also urged users to create a unique password for their wireless network and router administration pages. They also recommended at least eight characters consisting of uppercase letters, numbers, and symbols.

The company's warning should be taken seriously as Asus' products were known to have been previously targeted by botnets.

Last year, ASUS issued a warning about Cyclops Blink malware attacks, which targeted its many router models to gain persistence and use them for remote access into affected networks.

Related Article: Microsoft June Outage: DDoS Attack Took Down Outlook, OneDrive Earlier-Possibly Pro-Russian Ties

Tech Times

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags: Asus patch Router CVE-2022-26376 CVE-2018-1160 Asus Routers Asus router
Join the Discussion