ASUS recently released critical security updates for several vulnerabilities across multiple router models. Two out of the nine vulnerabilities are categorized as Critical, including an out-of-bounds write vulnerability and a memory corruption flaw. Barracuda SOC recommends applying the latest security updates and disabling services accessible from the WAN (Wide Area Network).
What is the threat?
Nine vulnerabilities were highlighted in ASUS’ recent security advisory. The most notable is CVE-2018-1160. This is a five-year-old out-of-bounds write bug in Netatalk (an open-source AFP fileserver software) that allows a remote unauthenticated attacker to perform arbitrary code execution. The other critical vulnerability is tracked as CVE-2022-26376. This flaw is related to a memory corruption vulnerability in the AsusWRT firmware that can be exploited by specific HTTP requests. These critical vulnerabilities are found in multiple models of routers manufactured by ASUS and security updates are now available.
Why is it noteworthy?
ASUS routers are used by businesses globally. These vulnerabilities span across a collection of products, giving it a wider attack surface. These products are imperative to securely manage traffic between networks and maintaining stable internet connection for productivity. The affected router versions include:
- GT6
- GT-AXE16000
- GT-AX11000 PRO
- GT-AXE11000
- GT-AX6000
- GT-AX11000
- GS-AX5400
- GS-AX3000
- XT9
- XT8
- XT8 V2
- RT-AX86U PRO
- RT-AX86U
- RT-AX86S
- RT-AX82U
- RT-AX58U
- RT-AX3000
- TUF-AX6000
- TUF-AX5400
Each of these CVEs received a Common Vulnerability Scoring System (CVSS) critical base score of a 9.8 (Critical) according to NIST’s National Vulnerability Database. It is recommended that users update their routers as soon as possible to prevent attacks.
What is the exposure or risk?
ASUS’s recent vulnerabilities can lead to significant exposure and/or risk for its customer. If exploited successfully, it could lead to arbitrary code execution, DoS (Denial-of-Service) attacks, information disclosure and much more. This compromise could affect system’s integrity, availability, and confidentiality, ultimately putting the entire network at risk for the affected organization. ASUS has released patches for this collection of vulnerabilities found in their latest advisory.
What are the recommendations?
Barracuda SOC recommends the following actions to limit the impact of these ASUS router flaws:
- Apply the latest updates provided by ASUS.
- Set up separate complex passwords for your wireless network and router-administration page.
- Enable ASUS AiProtection.
- Disable services accessible from the WAN side of the router (Port forwarding, DDNS, VPN server, DMZ, port trigger, etc).
- Keep up to date on the latest updates from ASUS.
References
For more in-depth information about the recommendations, please visit the following links:
- https://thehackernews.com/2023/06/asus-releases-patches-to-fix-critical.html
- https://www.bleepingcomputer.com/news/security/asus-urges-customers-to-patch-critical-router-vulnerabilities/
- https://www.asus.com/content/asus-product-security-advisory/
- https://www.asus.com/content/aiprotection/
If you have any questions, please contact our Security Operations Center.
