Vulnerabilities Uncovered: Critical Remote Code Execution Risks in ASUS Routers – Source: heimdalsecurity.com

ASUS routers have come under the spotlight due to three critical remote code execution vulnerabilities.

These vulnerabilities pose a significant threat, with all three receiving a CVSS v3.1 score of 9.8 out of 10.0. They can be exploited remotely and without authentication, potentially leading to remote code execution, service interruptions, and unauthorized operations on the affected devices.

The Vulnerabilities

1. CVE-2023-39238 (CVSS 9.8): This vulnerability is associated with the iperf-related modules on ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers.
2. CVE-2023-39239 (CVSS 9.8): Another format string vulnerability, this time in the API of the general setting function on the same router models. It lacks proper input format string verification, enabling remote code execution.
3. CVE-2023-39240 (CVSS 9.8): This vulnerability affects the iperf-related modules in the routers’ set_iperf3_cli.cgi API.

Protection and Solutions

ASUS has acted swiftly to address these vulnerabilities and has released firmware updates to rectify the issues. Users are strongly urged to apply the following firmware versions or later:

• RT-AX55: 3.0.0.4.386_51948
• RT-AX56U_V2: 3.0.0.4.386_51948
• RT-AC86U: 3.0.0.4.386_51915

ASUS released patches that address the three flaws in early August 2023 for RT-AX55, in May 2023 for AX56U_V2, and in July 2023 for RT-AC86U.

The discovery of these critical vulnerabilities underscores the importance of timely firmware updates and proactive security measures to safeguard network devices from potential threats.

Furthermore, as a precaution, ASUS recommends disabling the remote administration (WAN Web Access) feature on these routers. This measure can help prevent unauthorized access from the internet, which is a common target for attacks on consumer routers.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.