ASUS urges customers to patch critical router vulnerabilities

MuzzMelbourne

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
Content source
https://www.bleepingcomputer.com/news/security/asus-urges-customers-to-patch-critical-router-vulnerabilities/
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.

As the company explains, the newly released firmware contains fixes for nine security flaws, including high and critical ones.

The most severe of them are tracked as CVE-2022-26376 and CVE-2018-1160. The first is a critical memory corruption weakness in the Asuswrt firmware for Asus routers that could let attackers trigger denial-of-services states or gain code execution.

The other critical patch is for an almost five-year-old CVE-2018-1160 bug caused by an out-of-bounds write Netatalk weakness that can also be exploited to gain arbitrary code execution on unpatched devices.
Click to expand...
www.bleepingcomputer.com

ASUS urges customers to patch critical router vulnerabilities

ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Applause
Reactions: vtqhtr413, harlan4096, upnorth and 6 others
upnorth

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
an almost five-year-old CVE-2018-1160 bug
Click to expand...
20-23-00.gif
 
  • HaHa
  • Sad
Reactions: silversurfer, vtqhtr413 and Gandalf_The_Grey
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Most of these CVEs have been fixed over the last year. It seems they are more concerned about people running really old firmware missing multiple big fixes. The two highlighted CVEs were fixed last year in Merlin's custom firmware and shortly after by ASUS. Only a handful of these CVEs were in the latest firmware (which is over a month old), and it looks like more of a standard security update. Some of these CVEs only apply to individual router models. It's a weird announcement since there isn't actually any 'new' firmware for most of these devices.
 
  • Like
Reactions: windows1064, Gandalf_The_Grey, silversurfer and 1 other person
You must log in or register to reply here.

Similar threads

vtqhtr413
    • +Reputation
    • Like
Security News ASUS warns of critical remote authentication bypass on 7 routers
Replies
1
Views
1,662
Security News
blackice
blackice
Gandalf_The_Grey
    • +Reputation
    • Like
ASUS routers vulnerable to critical remote code execution flaws (patched)
Replies
1
Views
1,417
News Archive
codswollip
codswollip
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
Replies
2
Views
1,398
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top