Top ASUS routers have serious security flaws that could let hackers hijack your device

(Image credit: Elchinator from Pixabay)

Cybersecurity researchers discovered three major vulnerabilities in some high-end ASUS routers, which could be used to hijack endpoints, disrupt connectivity, and deploy malware and ransomware.

The routers in question are ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U - all high-end devices used by gamers and other individuals with high-performance demands. 

The vulnerabilities plaguing these devices are tracked as CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240. They carry scores between 9.8 and 10.0, and affect firmware versions,, and respectively.

Remote admin

In the meantime, ASUS has deployed a fix and urged its users to apply it immediately. Those using any of the three vulnerable routers should make sure they apply these firmware updates: 

RT-AX55: or later
RT-AX56U_V2: or later
RT-AC86U: or later

Also, users are advised to turn off the remote administration feature (WAN Web Access), as that’s how hackers usually target these devices.

ASUS has had a busy summer. In late June this year, the company was forced to push out a firmware update to address a number of high-severity flaws that were discovered. The firmware update addressed no fewer than nine CVEs, including three from 2023, five from 2022, and one dating back as far as 2018. A number of other vulnerabilities and issues were also fixed as part of the motion.

In a statement, the company noted that, “If you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions,” which includes remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.

The routers in question included: GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.

Via: BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.