Even the best gaming routers are susceptible to attacks, which means that everyone must be vigilant when to comes to serious security vulnerabilities that materialize. Such is the case with three popular wireless routers from Asus, which are the subject of code execution vulnerability attacks by nefarious parties (first noted by Bleeping Computer). The affected routers are the Asus RT-AX55, RT-AX56U_V2, and RT-AC86U.
According to the Taiwan National Computer Emergency Response Team (TWNCERT), all three routers are exploitable via three separate vulnerabilities. It should be noted that each is described as a "format string vulnerability" and has a CVSS v3.1 score of 9.8. Considering that the CVSS v3.1 scale maxes out at 10.0, these vulnerabilities are listed as "critical" by TWNCERT.
This is how TWNCERT describes the flaws:
- CVE-2023-39238: Format string vulnerability affecting the set_iperf3_svr.cgi API module. Remote code execution is possible due to improperly validated input strings.
- CVE-2023-39239: Format string vulnerability relating to general configuration functions of the router that can lead to remote code execution and service interruption.
- CVE-2023-39240: Related to another format string vulnerability, this time with the set_iperf3_cli.cgi API module.
There's good news and bad news regarding these exploits. The bad news is that, if left unpatched, the security flaws leave owners of these Asus routers open for attack. Infiltrating your wireless router is a crucial vector for delivering malware to your connected devices. The good news is that Asus already has patches available to address these flaws.
- RT-AX55 owners need to download firmware 18.104.22.168.386_50460 (or later)
- RT-AX56U_V2 owners need to download firmware 22.214.171.124.386_50460 (or later)
- RT-AC86U owners need to download firmware 126.96.36.199_386_51529 (or later)
You can download your router's firmware using the above links and upload it using the web GUI, or you can go the easier route and have the router update itself.
For most Asus routers, you must log in to your router, navigate to Administration, and click the Firmware Upgrade tab. From there, check for a new firmware update by clicking the "Check" button under Firmware Version. If a new firmware update is available, you can choose to install it. To ensure that your router is always up-to-date, you can always turn on the Auto Firmware Upgrade option.