Patching Security Holes: ASUS Firmware Updates Resolve Multiple Vulnerabilities in Router Models

Reading Time: ( Word Count: )

June 20, 2023
Nextdoorsec-course

ASUS, the Taiwanese company, has addressed multiple security vulnerabilities in its router models by releasing firmware updates. Nine security holes, two of which are rated as Critical and six as High severity, are to be fixed by the upgrades. There is one vulnerability that is currently awaiting analysis.

The impacted models comprise GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400. 

The most prominent updates are CVE-2018-1160 and CVE-2022-26376, both of which received a score for severity of 9.8 out of 10 according to the CVSS scale.

CVE-2018-1160 describes an inaccessible write bug in Netatalk versions previous to 3.1.12. This bug, existing for nearly five years, could activate an unauthenticated, remote attacker to execute arbitrary code. CVE-2022-26376 is a memory corruption vulnerability found in the Asuswrt firmware. It can be exploited through a specially-crafted HTTP request.

ASUS

The remaining seven flaws are as follows:

CVE-2022-35401 (CVSS rating: 8.1): A login bypass flaw enables an intruder to send nefarious inquiries via HTTP to the target system and get complete administrator rights.

Using unique network packets, details exposure weakness CVE-2022-38105 (CVSS rating: 7.5) allows access to private data.

CVE-2022-38393, with a CVSS rating of 7.5 a denial-of-service (DoS) flaw that can be exploited via a network packet that has been customized.

Utilizing a previous version of the libusrsctp library could expose susceptible systems to more attacks, according to CVE-2022-46871 (CVSS score: 8.8).

A command-and-control input weakness known as CVE-2023-28702 (CVSS rating: 8.8) enables local hackers to execute unauthorized system instructions, cause disruptions, or stop services.

A stack-based buffering issue known as CVE-2023-28703 (CVSS score: 7.2) enables an attacker with administrative rights to run unauthorized system instructions, cause system disruption, or stop functions. 

CVE-2023-31195 (CVSS 0.0, no assessment): a hole that allows an attacker-in-the-middle (AitM) to take over a user’s session.

ASUS highly urges customers to immediately apply the most recent updates to reduce security concerns. Users are advised to discontinue services from the WAN side to avoid any possible malicious activity.

The company also suggests that customers periodically conduct equipment audits and establish separate passwords for the wireless network and router administration page.

Saher

Saher

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Amazon Mistakenly Sends Out Gift Card Confirmations

Amazon Mistakenly Sends Out Gift Card Confirmations

Amazon unintentionally dispatched purchase confirmation emails regarding Hotels.com, Google Play, and Mastercard ...
FBI Flags Escalating Trend of Paired Ransomware Threats

FBI Flags Escalating Trend of Paired Ransomware Threats

The U.S. Federal Bureau of Investigation (FBI) has issued an alert regarding a rising trend of dual ransomware ...
Unraveling the Mystery Behind Discord’s Recent Block Message

Unraveling the Mystery Behind Discord’s Recent Block Message

Users of the renowned communication tool Discord were taken aback today when they were greeted with an alarming ...
Best Phishing Tools for Ethical Hacking in 2023

Best Phishing Tools for Ethical Hacking in 2023

Phishing is one of the most prevalent cyber threats today, seeking to exploit human vulnerabilities rather than ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *