Ensure Network Security: Update Asus Router Firmware to Guard Against Potential Remote Attacks

  • Home
  • Ensure Network Security: Update Asus Router Firmware to Guard Against Potential Remote Attacks

Ensure Network Security: Update Asus Router Firmware to Guard Against Potential Remote Attacks

If you use an Asus router and haven’t updated the firmware recently, be aware that you may be a potential target for remote attacks. Several critical vulnerabilities announced today allow hackers to execute code and arbitrary operations on affected routers not running current firmware.

As reported by Bleeping Computer, three models (Asus RT-AX55, RT-AX56U_V2, and RT-AC86U) are susceptible to issues CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240, which are related to APIs handling administrative functions. These format string vulnerabilities allow unverified user input, meaning input that shouldn’t be allowed can slip through. A remote attacker can then remotely input specifically crafted text to an affected router to run their own code, interrupt operations, or execute arbitrary operations.

On the CVSS v3.0 scale, these vulnerabilities are rated as 9.8 out of 10, putting them in the Critical category (anything above 9.0). While this scale does not relate to the resulting risk from a flaw, it indicates how severe the issue is.

If you own one of the affected routers, here are the firmware versions you should update to:

  • RT-AX55: 3.0.0.4.386_51948 or later
  • RT-AX56U_V2: 3.0.0.4.386_51948 or later
  • RT-AC86U: 3.0.0.4.386_51915 or later

These patches were all released this year, with the AX56U_V2 receiving its updated firmware in May 2023, the RT-AC86U in July 2023, and the RT-AX55 in August 2023.

If your router is affected, you should check your firmware version immediately. After verifying (and updating, if needed), you should also consider turning off remote access to your router. Since most people set up their router and then forget about it, you won’t need that feature, and you’ll stay better protected with it off. This is just one of the core pieces of advice we tech journalists give about securing your home network properly.