Critical Vulnerabilities in ASUS' Router Products

Published on 06 Sep 2023

ASUS has released security updates to address three critical remote code execution vulnerabilities (CVE-2023-39238, CVE-2023-39239, CVE-2023-39240) in some router products. The vulnerabilities have a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10. 

Successful exploitation of the vulnerabilities could allow an attacker to execute arbitrary code by sending specially crafted inputs to the vulnerable products.

The vulnerabilities affect the following products and firmware versions:
  • RT-AX55: 3.0.0.4.386_50460
  • RT-AX56U_V2: 3.0.0.4.386_50460
  • RT-AC86U: 3.0.0.4.386_51529

Users and administrators of affected products are advised to turn off the remote administration (WAN Web Access) feature to prevent access from the internet, and update their product's firmware immediately:
  • RT-AX55: 3.0.0.4.386_51948 or later
  • RT-AX56U_V2: 3.0.0.4.386_51948 or later
  • RT-AC86U: 3.0.0.4.386_51915 or later

More information is available here:
https://www.bleepingcomputer.com/news/security/asus-routers-vulnerable-to-critical-remote-code-execution-flaws/
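
The following inventory check is an added example, not part of the original advisory or any ASUS tooling. It compares firmware strings reported by devices against the affected and fixed builds listed above. The ordering rule (numeric comparison of the dotted fields, then the build number after the underscore) and the sample inventory rows are assumptions constructed for illustration.

```python
import re

# Fixed and affected firmware per model, copied from the advisory above.
FIXED = {
    "RT-AX55": "3.0.0.4.386_51948",
    "RT-AX56U_V2": "3.0.0.4.386_51948",
    "RT-AC86U": "3.0.0.4.386_51915",
}
AFFECTED = {
    "RT-AX55": "3.0.0.4.386_50460",
    "RT-AX56U_V2": "3.0.0.4.386_50460",
    "RT-AC86U": "3.0.0.4.386_51529",
}
# Assumed format: dotted numeric fields, "_", build number; any suffix is ignored.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)_(\d+)")

def parse_version(text):
    """Turn '3.0.0.4.386_51948' into (3, 0, 0, 4, 386, 51948)."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in match.group(1).split(".")) + (int(match.group(2)),)

def assess(model, firmware):
    """Classify one device against the advisory's version lists."""
    model = model.strip().upper()
    if model not in FIXED:
        return "not-listed"          # model is not named in the advisory
    try:
        current = parse_version(firmware)
    except ValueError:
        return "unparseable"         # check the device by hand
    if current >= parse_version(FIXED[model]):
        return "fixed"
    if current == parse_version(AFFECTED[model]):
        return "affected"            # exact build named as vulnerable
    return "update-advised"          # older than the fix, not named explicitly

# Constructed inventory rows (model, reported firmware), not real devices.
INVENTORY = [
    ("RT-AX55", "3.0.0.4.386_50460"),
    ("RT-AC86U", "3.0.0.4.386_51915"),
    ("RT-AX56U_V2", "3.0.0.4.386_49000"),
    ("RT-AC86U", "unknown"),
]

if __name__ == "__main__":
    for model, firmware in INVENTORY:
        print(f"{model:12} {firmware:22} {assess(model, firmware)}")
```

Devices reported as "affected" or "update-advised" should have WAN Web Access turned off until the firmware update is applied.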