If you have an Asus router, you need to patch it now or risk being hacked

News
By Craig Hale
published

Asus router update includes a fix five years in the making

malware
(Image credit: Elchinator from Pixabay)

Asus has pushed out a firmware update affecting many of its router models, and is urging customers to either apply the update immediately, or to restrict WAS access until they can.

In a statement, the company noted that, “If you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions,” which includes remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.

The firmware update addresses no fewer than nine CVEs, including three from 2023, five from 2022, and one dating back as far as 2018. A number of other vulnerabilities and issues were also fixed as part of the motion.

Asus Wi-Fi router security fix

The routers in question include: GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.

Read more

> These are the best firewalls to keep you safe

> Cisco routers are being targeted by custom Russian malware

> These popular VPN routers are being hacked to spread malware

The most serious vulnerabilities are among the oldest, including the 2018 entry which could be exploited to gain arbitrary code execution, and CVE-2022-26376 which could see unauthorized parties execute memory corruption attacks. Both were awarded a ‘critical’ score of 9.8 under NIST’s National Vulnerability Database.

This comes precisely one month after the company disclosed an error in the configuration files for some of its routers which saw users’ connections interrupted - a fix was automatically issued and affected users did not need to apply a security update (though some reported rebooting the device was necessary).

The best advice comes in the form of staying on top of security fixes for any device connected to the Internet to prevent attackers from gaining unwanted access. Asus’s firmware updates are available on its support page.

Like other router manufacturers, the Taiwanese company stresses the importance of setting up separate passwords for the wireless network and the router admin panel.

Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!