Multiple Asus routers have been found vulnerable to security flaws and quite a few of them have been labelled "critical" with a Common Vulnerability Scoring System (CVSS) score of 9.8. Meanwhile, the rest of the vulnerabilities are also labelled as "high" severity with CVSS scores of 8.8.
The vulnerabilities were disclosed by the Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/CC) and there are eight of them in total. With the successful exploitation of these flaws, attackers can carry out command injection and remote code execution (RCE).
The full vulnerability list as well as the models of the routers, ie, RT-AC86U (AC2900) RT-AX56U (AX1800), and RT-AX55 (AX1800), are given below. These have been listed alongside the Taiwan vulnerability Note (TVN) IDs as well as the CVE (Common Vulnerabilities and Exposure) IDs:
- TVN-202309009 (ASUS RT-AX55, RT-AX56U_V2, RT-AC86U):
- Format String - 3: CVE-2023-39240
- TVN-202309008 (ASUS RT-AX55, RT-AX56U_V2, RT-AC86U):
- Format String - 2: CVE-2023-39239
- TVN-202309007 (ASUS RT-AX55, RT-AX56U_V2, RT-AC86U):
- Format String - 1: CVE-2023-39238
- TVN-202309006 (ASUS RT-AC86U):
- Command injection vulnerability - 5: CVE-2023-39237
- TVN-202309005 (ASUS RT-AC86U):
- Command injection vulnerability - 4: CVE-2023-39236
- TVN-202309004 (ASUS RT-AC86U):
- Command injection vulnerability - 3: CVE-2023-38033
- TVN-202309003 (ASUS RT-AC86U - ):
- Command injection vulnerability - 2: CVE-2023-38032
- TVN-202309002 (ASUS RT-AC86U):
- Command injection vulnerability - 1: CVE-2023-38031
You can find the necessary firmware updates for the routers in the list below or manually look up the firmware to download it from the support section of the respective router model:
According to HKCERT, the following firmware versions patch the issue though the release notes do not confirm so:
Apply fixes issued by the vendor:
- RT-AX55: Update to version 3.0.0.4.386_51948 or later
- RT-AX56U_V2: Update to version 3.0.0.4.386_51948 or later
- RT-AC86U: Update to version 3.0.0.4.386_51915 or later
If you have one of the three models of routers listed above, you can bookmark this article and revisit it in order to check for the applicable firmware update that patches these flaws.
8 Comments - Add comment