ASUS urges customers to patch critical router vulnerabilities

MuzzMelbourne

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
Content source
https://www.bleepingcomputer.com/news/security/asus-urges-customers-to-patch-critical-router-vulnerabilities/
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.

As the company explains, the newly released firmware contains fixes for nine security flaws, including high and critical ones.

The most severe of them are tracked as CVE-2022-26376 and CVE-2018-1160. The first is a critical memory corruption weakness in the Asuswrt firmware for Asus routers that could let attackers trigger denial-of-services states or gain code execution.

The other critical patch is for an almost five-year-old CVE-2018-1160 bug caused by an out-of-bounds write Netatalk weakness that can also be exploited to gain arbitrary code execution on unpatched devices.
Click to expand...
www.bleepingcomputer.com

ASUS urges customers to patch critical router vulnerabilities

ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Applause
Reactions: vtqhtr413, harlan4096, upnorth and 6 others
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
an almost five-year-old CVE-2018-1160 bug
Click to expand...
20-23-00.gif
 
  • HaHa
  • Sad
Reactions: silversurfer, vtqhtr413 and Gandalf_The_Grey
blackice

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,786
Most of these CVEs have been fixed over the last year. It seems they are more concerned about people running really old firmware missing multiple big fixes. The two highlighted CVEs were fixed last year in Merlin's custom firmware and shortly after by ASUS. Only a handful of these CVEs were in the latest firmware (which is over a month old), and it looks like more of a standard security update. Some of these CVEs only apply to individual router models. It's a weird announcement since there isn't actually any 'new' firmware for most of these devices.
 
  • Like
Reactions: windows1064, Gandalf_The_Grey, silversurfer and 1 other person
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • +Reputation
    • Like
ASUS routers vulnerable to critical remote code execution flaws (patched)
Replies
1
Views
1,176
News Archive
codswollip
codswollip
[correlate]
    • Like
    • +Reputation
Millions of Exim mail servers exposed to zero-day RCE attacks
Replies
0
Views
1,352
News Archive
[correlate]
[correlate]
MuzzMelbourne
    • Applause
    • +Reputation
Western Digital Blocks Unpatched Devices From Cloud Services
Replies
0
Views
585
News Archive
MuzzMelbourne
MuzzMelbourne

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top