ASUS has recently announced that three of their popular high-end routers, namely RT-AX55, RT-AX56U_V2, and RT-AC86U, are vulnerable to critical remote code execution flaws. These vulnerabilities, if not addressed with the latest security updates, could allow threat actors to take control of the devices and perform malicious activities.
The Impact of the Flaws
The three vulnerabilities have been classified as critical with a CVSS v3.1 score of 9.8 out of 10.0. They are format string vulnerabilities, which means that they arise from unvalidated and/or unsanitized user input within certain functions. These flaws can be exploited remotely and without authentication, potentially leading to remote code execution, service interruptions, and arbitrary operations on the affected devices.
It is important to note that these routers are popular among gamers and users with demanding performance needs. Their high-end features and capabilities make them attractive targets for threat actors who seek to exploit vulnerabilities for their own gain.
Details of the Vulnerabilities
The Taiwanese CERT, which disclosed the vulnerabilities, has provided the following information:
- CVE-2023-39238: Lack of proper verification of the input format string on the iperf-related API module ‘ser_iperf3_svr.cgi’.
- CVE-2023-39239: Lack of proper verification of the input format string in the API of the general setting function.
- CVE-2023-39240: Lack of proper verification of the input format string on the iperf-related API module ‘ser_iperf3_cli.cgi’.
Recommended Solution
To mitigate the risks associated with these vulnerabilities, it is crucial to apply the latest firmware updates provided by ASUS. The recommended firmware versions for each affected router are as follows:
- RT-AX55: 3.0.0.4.386_51948 or later
- RT-AX56U_V2: 3.0.0.4.386_51948 or later
- RT-AC86U: 3.0.0.4.386_51915 or later
ASUS has already released patches addressing these flaws. However, users who have not installed the security updates since their release dates should consider their devices vulnerable to attacks and take immediate action.
Additional Security Measures
In addition to applying the firmware updates, it is strongly advised to turn off the remote administration (WAN Web Access) feature on the routers. This will prevent unauthorized access to the web admin console from the internet.
The discovery of these critical remote code execution flaws in ASUS routers highlights the importance of regular security updates and proactive measures to protect our devices and networks. By staying vigilant and promptly addressing vulnerabilities, we can ensure a safer and more secure online experience.