ASUS Issues Router Product Security Advisory

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

Welcome, ! User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
Back to Mobile

Mark Thread UnreadFlat Reading Mode ❐

Prev Thread

Next Thread

ASUS Issues Router Product Security Advisory

Author Post Essentials Only Full Version
rjohnson11 EVGA Forum Moderator Total Posts : 85038 Reward points : 0 Joined: 10/5/2004 Location: Netherlands Status: offline Ribbons : 86 Sunday, June 25, 2023 9:33 AM (permalink) https://www.techpowerup.com/310478/asus-issues-router-product-security-advisory If you own one of several recent ASUS router models, then you're being urged by ASUS to upgrade your firmware to the latest release as soon as possible, due to a few serious security flaws. The two most severe being CVE-2022-26376 and CVE-2018-1160, both of which are rated 9.8 on a scale of 10 in terms of severity. However, if you're running the third party Asuswrt-Merlin firmware, you're apparently safe, as the author of the third party firmware has already patched all the known security issues that ASUS has announced patches for. The affected models are the GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400. That's 18 different models in total, all of which should be built around Broadcom hardware. It's unclear if more models are affected or not, but these are the ones ASUS has issued updates for. The security flaws in question could allow someone to take over an unpatched router and make it a part of a botnet or similar. ASUS has suggested turning off features like DDNS and VPN servers, as well as more obvious things like WAN access, port forwarding, port triggers and DMZ until the firmware has been updated on the affected models. Very important that if you have any of the models listed update your firmware at once. AMD Ryzen 9 7950X, Corsair Mp700 Pro M.2, 64GB Corsair Dominator Titanium DDR5 X670E Steel Legend, MSI RTX 4090 Associate Code: H5U80QBH6BH0AXF. I am NOT an employee of EVGA #1 1 Reply Related Threads
Hoggle EVGA Forum Moderator Total Posts : 8899 Reward points : 0 Joined: 10/14/2003 Location: Eugene, OR Status: offline Ribbons : 4 Re: ASUS Issues Router Product Security Advisory Sunday, June 25, 2023 9:54 AM (permalink) It would be nice if things like routers had an automatic check for security and firmware updates. I wonder how many people never check to see if they have the latest firmware and just are unknowingly helping a bot network. Use an Associates Code & SAVE 5% - 10% on your purchase. Just click on the associates banner to save, or enter the associates code at checkout on your next purchase. If you choose to use my code I want to personally say "Thank You" for using it. #2

Author

Post

Essentials Only Full Version

rjohnson11

EVGA Forum Moderator

Total Posts : 85038
Reward points : 0
Joined: 10/5/2004
Location: Netherlands
Status: offline
Ribbons : 86

Sunday, June 25, 2023 9:33 AM (permalink)

https://www.techpowerup.com/310478/asus-issues-router-product-security-advisory

If you own one of several recent ASUS router models, then you're being urged by ASUS to upgrade your firmware to the latest release as soon as possible, due to a few serious security flaws. The two most severe being CVE-2022-26376 and CVE-2018-1160, both of which are rated 9.8 on a scale of 10 in terms of severity. However, if you're running the third party Asuswrt-Merlin firmware, you're apparently safe, as the author of the third party firmware has already patched all the known security issues that ASUS has announced patches for.

The affected models are the GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400. That's 18 different models in total, all of which should be built around Broadcom hardware. It's unclear if more models are affected or not, but these are the ones ASUS has issued updates for. The security flaws in question could allow someone to take over an unpatched router and make it a part of a botnet or similar. ASUS has suggested turning off features like DDNS and VPN servers, as well as more obvious things like WAN access, port forwarding, port triggers and DMZ until the firmware has been updated on the affected models.

Very important that if you have any of the models listed update your firmware at once.

AMD Ryzen 9 7950X, Corsair Mp700 Pro M.2, 64GB Corsair Dominator Titanium DDR5 X670E Steel Legend, MSI RTX 4090 Associate Code: H5U80QBH6BH0AXF. I am NOT an employee of EVGA

1 Reply Related Threads

Hoggle

EVGA Forum Moderator

Total Posts : 8899
Reward points : 0
Joined: 10/14/2003
Location: Eugene, OR
Status: offline
Ribbons : 4

Re: ASUS Issues Router Product Security Advisory Sunday, June 25, 2023 9:54 AM (permalink)

It would be nice if things like routers had an automatic check for security and firmware updates. I wonder how many people never check to see if they have the latest firmware and just are unknowingly helping a bot network.

Use an Associates Code & SAVE 5% - 10% on your purchase. Just click on the associates banner to save, or enter the associates code at checkout on your next purchase. If you choose to use my code I want to personally say "Thank You" for using it.

Jump to: