Asus released a critical firmware update for 19 of its wireless routers that fixes nine serious security flaws as well as 17 other vulnerabilities.
As Bleeping Computer reports, this is a firmware update owners of Asus routers shouldn't ignore. Of the nine security flaws it fixes, at least two are critical bugs that could allow an attacker to execute code or trigger a DDoS attack.
The full list of security fixes contained in this firmware update are:
Fixed CVE-2023-28702, CVE-2023-28703, CVE-2023-31195, CVE-2022-46871, CVE-2022-38105, CVE-2022-35401, CVE-2018-1160, CVE-2022-38393, CVE-2022-26376
Fixed DoS vulnerabilities in firewall configuration pages.
Fixed DoS vulnerabilities in httpd.
Fixed information disclosure vulnerability.
Fixed null pointer dereference vulnerabilities.
Fixed the cfg server vulnerability.
Fixed the vulnerability in the log message function.
Fixed Client DOM Stored XSS
Fixed HTTP response splitting vulnerability
Fixed status page HTML vulnerability.
Fixed HTTP response splitting vulnerability.
Fixed Samba related vulnerabilities.
Fixed Open redirect vulnerability.
Fixed token authentication security issues.
Fixed security issues on the status page.
Enabled and supported ECDSA certificates for Let's Encrypt.
Enhanced protection for credentials.
Enhanced protection for OTA firmware updates.
The vulnerable routers requiring the update include the GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, ZenWiFi XT9, ZenWiFi XT8, ZenWiFi XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.
If you own a router on that list, simply click on its model name above and you'll be taken to its product page where a link to the latest firmware download is available. Need help installing the firmware? Asus has a helpful FAQ to guide you through the process.
Asus also recommends creating separate passwords for your wireless network and router-administration page, and if you router supports it, enable Asus AiProtection (details available in your router's user manual).
If you opt not to install this critical firmware update, Asus strongly recommends, "disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger." It's much easier to install the firmware update and close the security holes.
Readers' Choice 2022: Wireless Routers & Network Attached Storage Devices