Three high-end ASUS router models, RT-AX55, RT-AX56U_V2, and RT-AC86U, are facing a critical security threat due to three remote code execution vulnerabilities. These vulnerabilities, which have a CVSS v3.1 score of 9.8, have the potential to allow threat actors to take control of the routers if security updates are not applied. The routers are particularly popular among gamers and users requiring high-performance networking.
Furthermore, the vulnerabilities stem from format string issues, which result from unvalidated user input within format string parameters of specific functions. Such flaws can lead to severe problems, including code execution and information disclosure. Attackers can exploit these flaws remotely and without authentication by sending specially crafted input to the routers, targeting specific administrative API functions.
To address these vulnerabilities, ASUS has released firmware updates. Users of RT-AX55, RT-AX56U_V2, and RT-AC86U routers are strongly advised to apply these updates promptly to protect their devices from potential hijacking and cyberattacks.
It is also recommended to disable the remote administration (WAN Web Access) feature to enhance security, as many consumer router vulnerabilities target web admin consoles. Failure to apply security updates may leave devices vulnerable to exploitation, emphasizing the urgency of this action.
