ASUS urges customers to patch critical router vulnerabilities


Level 15
Thread author
Top Poster
Mar 13, 2022
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.

As the company explains, the newly released firmware contains fixes for nine security flaws, including high and critical ones.

The most severe of them are tracked as CVE-2022-26376 and CVE-2018-1160. The first is a critical memory corruption weakness in the Asuswrt firmware for Asus routers that could let attackers trigger denial-of-services states or gain code execution.

The other critical patch is for an almost five-year-old CVE-2018-1160 bug caused by an out-of-bounds write Netatalk weakness that can also be exploited to gain arbitrary code execution on unpatched devices.


Staff Member
Malware Hunter
Jul 27, 2015
an almost five-year-old CVE-2018-1160 bug


Level 39
Top Poster
Apr 1, 2019
Most of these CVEs have been fixed over the last year. It seems they are more concerned about people running really old firmware missing multiple big fixes. The two highlighted CVEs were fixed last year in Merlin's custom firmware and shortly after by ASUS. Only a handful of these CVEs were in the latest firmware (which is over a month old), and it looks like more of a standard security update. Some of these CVEs only apply to individual router models. It's a weird announcement since there isn't actually any 'new' firmware for most of these devices.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.