19 Asus Routers Need Their Firmware Updated Immediately | by PCMag | PC Magazine | Jun, 2023

Asus releases a patch for 9 serious security flaws, some of which are rated ‘high’ or ‘critical.’

By Matthew Humphries

Asus released a critical firmware update for 19 of its wireless routers that fixes nine serious security flaws as well as 17 other vulnerabilities.

As Bleeping Computer reports, this is a firmware update owners of Asus routers shouldn’t ignore. Of the nine security flaws it fixes, at least two are critical bugs that could allow an attacker to execute code or trigger a DDoS attack.

The full list of security fixes(Opens in a new window) contained in this firmware update are:

• Fixed CVE-2023–28702, CVE-2023–28703, CVE-2023–31195, CVE-2022–46871, CVE-2022–38105, CVE-2022–35401, CVE-2018–1160, CVE-2022–38393, CVE-2022–26376
• Fixed DoS vulnerabilities in firewall configuration pages
• Fixed DoS vulnerabilities in httpd
• Fixed information disclosure vulnerability
• Fixed null pointer dereference vulnerabilities
• Fixed the cfg server vulnerability
• Fixed the vulnerability in the log message function.
• Fixed Client DOM Stored XSS
• Fixed HTTP response splitting vulnerability
• Fixed status page HTML vulnerability
• Fixed HTTP response splitting vulnerability
• Fixed Samba related vulnerabilities
• Fixed Open redirect vulnerability
• Fixed token authentication security issues
• Fixed security issues on the status page
• Enabled and supported ECDSA certificates for Let’s Encrypt
• Enhanced protection for credentials
• Enhanced protection for OTA firmware updates

The vulnerable routers requiring the update include the GT6, GT-AXE16000(Opens in a new window) , GT-AX11000 PRO GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, ZenWiFi XT9, ZenWiFi XT8, ZenWiFi XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.

If you own a router on that list, simply click on its model name above, and you’ll be taken to its product page where a link to the latest firmware download is available. Need help installing the firmware? Asus has a helpful FAQ to guide you through the process.

Asus also recommends creating separate passwords for your wireless network and router-administration page, and if you router supports it, enable Asus AiProtection (details available in your router’s user manual).

If you opt not to install this critical firmware update, Asus strongly recommends, “disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.” It’s much easier to install the firmware update and close the security holes.