ASUS has released a new firmware update for multiple router models that addresses nine security vulnerabilities, including high- and critical-severity ones. The most severe, tracked as CVE-2022-26376 and CVE-2018-1160, are a critical memory corruption flaw in Asuswrt firmware and an out-of-bounds write weakness in Netatalk, respectively.
These flaws could lead to denial-of-service states or unauthorized code execution. ASUS advises customers to update their devices with the new firmware immediately or, if that is not possible, to restrict WAN access to mitigate the security risks. The impacted router models include GT6, GT-AXE16000, GT-AX11000 PRO, and others.
In a security advisory, ASUS emphasized the importance of installing the new firmware and warned users that choosing not to do so may expose their devices to unwanted intrusions. The company suggests disabling services accessible from the WAN side, such as remote access, port forwarding, DDNS, VPN server, DMZ, and port trigger, for added security. ASUS also encourages users to periodically audit their equipment and security procedures to ensure better protection.
Users are urged to visit the support website, each product’s page, or follow links provided in the advisory to promptly update their routers. Additionally, ASUS recommends creating strong, unique passwords for both wireless networks and router administration pages, with at least eight characters combining uppercase letters, numbers, and symbols. This proactive approach by ASUS highlights the importance of prompt firmware updates and robust security practices to safeguard users against potential cyber threats targeting vulnerabilities in router firmware.