Asus is recommending users update the firmware on some of its most popular routers in order to address critical security vulnerabilities. The updates include fixes or mitigations for nine security vulnerabilities.
According to Bleeping Computer, the CVE-2022-26376 and CVE-2018-1160 vulnerabilities are the most worrisome. The first is a memory corruption vulnerability that could let attackers launch DoS attacks or even execute code. It carries a critical 9.8/10 severity rating according to NIST's National Vulnerability Database.
The second is a five-year-old vulnerability with the same 9.8/10 critical rating. It too can allow an attacker to execute code. Both vulnerabilities place the router at risk of becoming part of a botnet or being used for all kinds of nefarious purposes.
The list of affected models follows: GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.
Asus clearly believes these are significant issues. "Please note, if you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger," Asus said on its Product Security Advisory webpage.
In other words, turn off your internet. Eek.
An unpatched router will be at risk of being turned into a botnet zombie, which can then be used to carry out a variety of scummy actions including Denial of Service attacks, password theft, or sending spam emails.
Asus routers have been targeted in the past. Last year its devices were vulnerable to the Cyclops Blink malware. Asus is not the only router manufacturer to have security issues, though. Pretty much every manufacturer faces them at some point. In 2020, the Fraunhofer Institute for Communication (FKIE) examined 127 home routers from several manufacturers, and all 127 had vulnerabilities.
Check for router updates regularly, folks! It's either that or ditch the internet altogether.