On its security portal, ASUS has published an urgent firmware update with numerous patches and security fixes affecting several of its best-known routers, and urges users to install it as soon as possible.
The firmware introduces a total of 18 fixes and improvements:
- Fix for vulnerabilities CVE-2023-28702, CVE-2023-28703, CVE-2023-31195, CVE-2022-46871, CVE-2022-38105, CVE-2022-35401, CVE-2018-1160, CVE-2022-38393, CVE-2022-26376.
- Fixed DoS vulnerabilities in firewall configuration pages.
- Fixed DoS vulnerabilities in httpd.
- Fixed information disclosure vulnerability.
- Fixed null pointer dereference vulnerabilities.
- Fixed cfg server vulnerability.
- Fixed vulnerability in log message feature.
- Fixed client DOM stored XSS.
- Fixed HTTP response splitting vulnerability.
- Fixed status page HTML vulnerability.
- Fixed HTTP response splitting vulnerability.
- Fixed vulnerabilities related to Samba.
- Fixed open redirect vulnerability.
- Fixed token authentication security issues.
- Fixed security issues on the status page.
- ECDSA certificates enabled and supported for Let’s Encrypt.
- Enhanced protection for credentials.
- Improved protection for OTA firmware updates.
The update applies both to new routers and to models that have been on the market for several years: ASUS GT6/GT-AXE16000/GT-AX11000 PRO/GT-AXE11000/GT-AX6000/GT-AX11000/GS-AX5400/GS-AX3000/XT9/XT8/XT8 V2/RT-AX86U PRO/RT-AX86U/RT-AX86S/RT-AX82U/RT-AX58U/RT-AX3000/TUF-AX6000/TUF-AX5400.
For users who do not update, ASUS recommends disabling all router services that can be accessed from outside the local network, such as VPN, DDNS, remote management or port opening.