Connect with us

Business

ASUS Critical Router Vulnerabilities Let Attackers Execute Arbitrary Code

Published

on

ASUS has recently released a security advisory in which several ASUS critical router vulnerabilities have been fixed. The vulnerabilities were found to affect multiple ASUS routers with CVEs.

The company has recommended its users upgrade to the latest version of firmware to fix these router vulnerabilities.

CVE(s) of ASUS critical Router Vulnerabilities:

ASUS has fixed around 9 CVEs, as reported in the security advisory. The recent one was found to be CVE-2023-28702, and the oldest one was CVE-2018-1160. 

CVECVSS ScoreCVSS VectorDescription
CVE-2023-287028.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCommand Injection due to unsanitized parameters in specific web URLs
CVE-2023-287037.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HOut of Bounds Write due to insufficient validation of network packet header
CVE-2023-31195N/AN/AMan-In-the-Middle attack due to insecure Cookie attribute
CVE-2022-468718.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HOutdated Library (libusrsctp) exploitation
CVE-2022-381057.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NOut-of-bounds read leads to denial of service
CVE-2022-354018.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HAuthentication bypass due to expired key
CVE-2018-11609.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOut of bounds write in dsi_opensess.c in Netatalk leads to arbitrary code execution
CVE-2022-383937.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HOut-of-bounds read leads to denial of service
CVE-2022-263769.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBounds writing leads to memory corruption

Affected Products:

The list of routers affected by these CVE(s) includes, 

  • GT6
  • GT-AXE16000
  • GT-AXE11000 PRO
  • GT-AXE11000
  • GT-AX6000
  • GT-AX11000
  • GS-AX5400
  • GS-AX3000
  • ZenWiFi XT9
  • ZenWiFi XT8
  • ZenWiFi XT8_V2
  • RT-AX86U PRO
  • RT-AX86U
  • RT-AX86S
  • RT-AX82U
  • RT-AX58U
  • RT-AX3000
  • TUF-AX6000
  • TUF-AX5400

ASUS has recommended all of its users patch their routers to prevent attackers.

If upgrading is not required or might affect your configurations, turning off the vulnerable services is recommended.

Source: https://cybersecuritynews.com/asus-critical-router-vulnerabilities/

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO