ASUS routers vulnerable to critical remote code execution flaws (patched)

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,601
Content source
https://www.bleepingcomputer.com/news/security/asus-routers-vulnerable-to-critical-remote-code-execution-flaws/
Three critical-severity remote code execution vulnerabilities impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers, potentially allowing threat actors to hijack devices if security updates are not installed.

These three WiFi routers are popular high-end models within the consumer networking market, currently available on the ASUS website, favored by gamers and users with demanding performance needs.

The flaws, which all have a CVSS v3.1 score of 9.8 out of 10.0, are format string vulnerabilities that can be exploited remotely and without authentication, potentially allowing remote code execution, service interruptions, and performing arbitrary operations on the device.

Format string flaws are security problems arising from unvalidated and/or unsanitized user input within the format string parameters of certain functions. They can lead to various issues, including information disclosure and code execution.

Attackers exploit these flaws using specially crafted input sent to the vulnerable devices. In the case of the ASUS routers, they would target certain administrative API functions on the devices.
Click to expand...
ASUS released patches that address the three flaws in early August 2023 for RT-AX55, in May 2023 for AX56U_V2, and in July 2023 for RT-AC86U.

Users who haven’t applied security updates since then should consider their devices vulnerable to attacks and prioritize the action as soon as possible.

Furthermore, as many consumer router flaws target the web admin console, it is strongly advised to turn off the remote administration (WAN Web Access) feature to prevent access from the internet.
Click to expand...
www.bleepingcomputer.com

ASUS routers vulnerable to critical remote code execution flaws

Three critical-severity remote code execution vulnerabilities impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers, potentially allowing threat actors to hijack devices if security updates are not installed.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • +Reputation
  • Like
Reactions: harlan4096, vtqhtr413 and silversurfer
You must log in or register to reply here.

Similar threads

MuzzMelbourne
    • Like
    • +Reputation
    • Applause
ASUS urges customers to patch critical router vulnerabilities
Replies
2
Views
1,082
News Archive
blackice
blackice
Gandalf_The_Grey
    • +Reputation
    • Like
    • Applause
Security News Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs
Replies
3
Views
1,219
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Microsoft August 2023 Patch Tuesday warns of 2 zero-days, 87 flaws
Replies
2
Views
956
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top