ASUS, a leading global tech manufacturer, has issued some critical security updates to address three remote code execution vulnerabilities. These vulnerabilities, identified as CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240, have been assigned a high-risk Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.
The identified vulnerabilities could potentially allow cyber attackers to execute arbitrary code on affected routers by sending carefully crafted inputs, posing significant cybersecurity risks to its users and their networks.
Affected ASUS Routers:
- Model: RT-AX55 (Firmware Version: 184.108.40.206.386_50460 )
- Model: RT-AX56U_V2 (Firmware Version: 220.127.116.11.386_50460)
- Model: RT-AC86U (Firmware Version: 18.104.22.168.386_51529)
To mitigate the risks associated with these vulnerabilities, all users and administrators of the affected router models are advised to take immediate action.
Users and administrators of the affected router products are advised to turn off the remote administration (WAN Web Access) feature to prevent access from the internet. Then, ensure that their product’s firmware is updated immediately:
- Model: RT-AX55 (Firmware version 22.214.171.124.386_51948 or later)
- Model: RT-AX56U_V2 (Firmware version 126.96.36.199.386_51948 or later)
- Model: RT-AC86U (Firmware version 188.8.131.52.386_51915 or later)
Updating router firmware is an important step to ensure network security and protection against potential cyber threats. Users are strongly advised to follow these security recommendations promptly to safeguard their networks and data from potential exploitation.