ASUS releases firmware with urgent security updates for its routers

In its security portal ASUS has published an urgent firmware with a multitude of patches and security updates that affect several of its most famous routers and urges users to update them as soon as possible.

The firmware introduces a total of 18 fixes and improvements:

1. Fix for vulnerabilities CVE-2023-28702, CVE-2023-28703, CVE-2023-31195, CVE-2022-46871, CVE-2022-38105, CVE-2022-35401, CVE-2018-1160, CVE-2022-38393 , CVE-2022-26376
2. Fixed DoS vulnerabilities in firewall configuration pages.
3. Fixed DoS vulnerabilities in httpd.
4. Fixed information disclosure vulnerability.
5. Fixed null pointer dereferencing vulnerabilities.
6. Fixed server cfg vulnerability.
7. Fixed vulnerability in log message feature.
8. Fixed DOM Client stored in XSS.
9. Fixed HTTP response split vulnerability
10. Fixed status page HTML vulnerability.
11. Fixed HTTP response split vulnerability.
12. Fixed vulnerabilities related to Samba.
13. Fixed open redirect vulnerability.
14. Fixed token authentication security issues.
15. Fixed security issues on the status page.
16. ECDSA certificates enabled and supported for Let’s Encrypt.
17. Enhanced protection for credentials.
18. Improved protection for OTA firmware updates.

Specifically, the update is valid for new routers and also for models that have been on the market for several years: ASUS GT6/GT-AXE16000/GT-AX11000 PRO/GT-AXE11000/GT-AX6000/GT-AX11000/GS-AX5400/GS-AX3000/XT9/XT8/XT8 V2/RT-AX86U PRO/RT-AX86U/RT- AX86S/RT-AX82U/RT-AX58U/RT-AX3000/TUF-AX6000/TUF-AX5400.

In case of not updating, ASUS recommends disabling all router services that can be accessed from outside the local network, such as VPN, DDNS, remote management or port opening.

End of Article. Tell us something in the Comments!