Cybersecurity researchers discovered three major vulnerabilities in some high-end ASUS routers, which could be used to hijack endpoints, disrupt connectivity, and deploy malware and ransomware.
The routers in question are ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U – all high-end devices used by gamers and other individuals with high-performance demands.
The vulnerabilities plaguing these devices are tracked as CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240. They carry scores between 9.8 and 10.0, and affect firmware versions 126.96.36.199.386_50460, 188.8.131.52.386_50460, and 184.108.40.206_386_51529 respectively.
In the meantime, ASUS has deployed a fix and urged its users to apply it immediately. Those using any of the three vulnerable routers should make sure they apply these firmware updates:
RT-AX55: 220.127.116.11.386_51948 or later
RT-AX56U_V2: 18.104.22.168.386_51948 or later
RT-AC86U: 22.214.171.124.386_51915 or later
Also, users are advised to turn off the remote administration feature (WAN Web Access), as that’s how hackers usually target these devices.
ASUS has had a busy summer. In late June this year, the company was forced to push out a firmware update to address a number of high-severity flaws that were discovered. The firmware update addressed no fewer than nine CVEs, including three from 2023, five from 2022, and one dating back as far as 2018. A number of other vulnerabilities and issues were also fixed as part of the motion.
In a statement, the company noted that, “If you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions,” which includes remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.
The routers in question included: GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.