Critical Vulnerabilities in ASUS' Router Products

Published on 06 Sep 2023

ASUS has released security updates to address three critical remote code execution vulnerabilities (CVE-2023-39238, CVE-2023-39239, CVE-2023-39240) in some router products. The vulnerabilities have a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10. 

Successful exploitation of the vulnerabilities could allow an attacker to execute arbitrary code by sending specially crafted inputs to the vulnerable products.

The vulnerabilities affect the following products and firmware versions:
  • RT-AX55:
  • RT-AX56U_V2:
  • RT-AC86U:

  • Users and administrators of affected products are advised to turn off the remote administration (WAN Web Access) feature to prevent access from the internet, and update their product's firmware immediately:
  • RT-AX55: or later
  • RT-AX56U_V2: or later
  • RT-AC86U: or later

  • More information is available here: