ASUS has found critical vulnerabilities in popular wireless routers

ASUS has found critical vulnerabilities in popular wireless routers – firmware with fixes has already been released

ASUS has fixed three critical vulnerabilities in its RT-AX55, RT-AX56U_V2, and RT-AC86U routers that could potentially allow attackers to take control of these devices without the necessary security updates. All three of these wireless router models are popular with gamers and regular users, according to Bleeping Computer, and are still available on the ASUS website and sold in retail stores.

    Image source: BleepingComputer

Image source: BleepingComputer

All vulnerabilities were rated 9.8 out of 10 by the CVSS v3.1 severity rating system. This is one of the highest severity ratings due to the nature of the issues. All three vulnerabilities are so-called uncontrolled string formatting vulnerabilities. This allows attackers to take control of the ASUS router remotely and without authentication. To do this, it is enough to send a specially crafted command statement to the vulnerable device. ASUS routers are affected by the following three vulnerabilities: CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.

Detailed information on security issues is not available, but all three vulnerabilities are known input string formatting vulnerabilities in the ser_iperf3_svr.cgi API module and the general configuration function. Such a vulnerability could be caused by improper validation of instructions, such as user input.

ASUS has released patches to fix all three router vulnerabilities. Owners of these devices are advised to install firmware updates immediately to protect their devices from possible attacks. Below are links to update download sites:

  • for RT-AX55 – ASUS RT-AX55 firmware update version or later;
  • for RT-AX56U – update version or newer;
  • for RT-AC86U – Firmware update resolves reported security issues.

It is also recommended to disable the remote management (WAN Web Access) feature on devices. This prevents many remote attacks on the router.


About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment