Cybersecurity researchers discovered three major vulnerabilities in some high-end ASUS routers, which could be used to hijack endpoints, disrupt connectivity, and deploy malware and ransomware.
The routers in question are ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U - all high-end devices used by gamers and other individuals with high-performance demands.
The vulnerabilities plaguing these devices are tracked as CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240. They carry scores between 9.8 and 10.0, and affect firmware versions 188.8.131.52.386_50460, 184.108.40.206.386_50460, and 220.127.116.11_386_51529 respectively.
In the meantime, ASUS has deployed a fix and urged its users to apply it immediately. Those using any of the three vulnerable routers should make sure they apply these firmware updates:
- RT-AX55: 18.104.22.168.386_51948 or later
- RT-AX56U_V2: 22.214.171.124.386_51948 or later
- RT-AC86U: 126.96.36.199.386_51915 or later
Also, users are advised to turn off the remote administration feature (WAN Web Access), as that’s how hackers usually target these devices.
ASUS has had a busy summer. In late June this year, the company was forced to push out a firmware update to address a number of high-severity flaws that were discovered. The firmware update addressed no fewer than nine CVEs, including three from 2023, five from 2022, and one dating back as far as 2018. A number of other vulnerabilities and issues were also fixed as part of that update.
In a statement, the company noted that, “If you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions.” Those services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger.
The routers in question included: GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.