ASUS has recently released a security advisory announcing fixes for several critical router vulnerabilities. The vulnerabilities, tracked under multiple CVEs, affect multiple ASUS router models.
The company has recommended its users upgrade to the latest version of firmware to fix these router vulnerabilities.
CVE(s) of ASUS critical Router Vulnerabilities:
ASUS has fixed around 9 CVEs, as reported in the security advisory. The recent one was found to be CVE-2023-28702, and the oldest one was CVE-2018-1160.
| CVE | CVSS Score | CVSS Vector | Description |
|---|---|---|---|
| CVE-2023-28702 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Command Injection due to unsanitized parameters in specific web URLs |
| CVE-2023-28703 | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Out of Bounds Write due to insufficient validation of network packet header |
| CVE-2023-31195 | N/A | N/A | Man-In-the-Middle attack due to insecure Cookie attribute |
| CVE-2022-46871 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Outdated Library (libusrsctp) exploitation |
| CVE-2022-38105 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | Out-of-bounds read leads to denial of service |
| CVE-2022-35401 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Authentication bypass due to expired key |
| CVE-2018-1160 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Out of bounds write in dsi_opensess.c in Netatalk leads to arbitrary code execution |
| CVE-2022-38393 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | Out-of-bounds read leads to denial of service |
| CVE-2022-26376 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Bounds writing leads to memory corruption |
Affected Products:
The list of routers affected by these CVE(s) includes,
GT6
GT-AXE16000
GT-AXE11000 PRO
GT-AXE11000
GT-AX6000
GT-AX11000
GS-AX5400
GS-AX3000
ZenWiFi XT9
ZenWiFi XT8
ZenWiFi XT8_V2
RT-AX86U PRO
RT-AX86U
RT-AX86S
RT-AX82U
RT-AX58U
RT-AX3000
TUF-AX6000
TUF-AX5400
ASUS has recommended that all of its users patch their routers to prevent attackers from exploiting these vulnerabilities.
If upgrading is not required or might affect your configurations, turning off the vulnerable services is recommended.
Source: https://cybersecuritynews.com/asus-critical-router-vulnerabilities/