EVGA

These Asus routers are vulnerable to remote code execution flaws — update right now

rjohnson11
EVGA Forum Moderator
Friday, September 08, 2023 5:07 PM (permalink)
https://www.tomsguide.com/news/these-asus-routers-are-vulnerable-to-remote-code-execution-flaws-update-right-now
 
Three critical remote code execution vulnerabilities have been identified and patched in several popular Wi-Fi routers from the Taiwanese hardware maker Asus. As reported by BleepingComputer, the Asus RT-AX55, Asus RT-AX56U_V2 and Asus RT-AC86U are vulnerable to being hijacked by hackers if the latest security updates aren’t installed. All three flaws, which have a critical severity CVSS v3.1 score of 9.8 out of 10.0, are format string vulnerabilities that hackers can remotely exploit without authentication. From here, they could remotely execute code on the devices, interrupt their service and perform other arbitrary operations. The vulnerabilities, tracked as CVE-2023-39238, CVE-2023-39239 and CVE-2023-39240, were disclosed by Taiwan’s Computer Emergency Response Team (CERT) earlier today and impact the Asus RT-AX55, RT-AX56U_V2, and RT-AC86U running firmware versions 3.0.0.4.386_50460, 3.0.0.4.386_50460, and 3.0.0.4_386_51529. Fortunately for owners of some of the best gaming routers from Asus, the company has already released firmware updates to patch these vulnerabilities.
 
If you own one of the affected Asus routers, you’re going to need to apply the latest firmware updates ASAP since failure to do so can leave your router vulnerable to cyberattacks. There are several different ways to update your Asus router and you can do so using the company’s WebGUI, manually or with the Asus Router App. The Asus RT-AX55 needs to be running firmware version 3.0.0.4.386_51948 or later, the Asus RT-AX56U_V2 requires firmware version 3.0.0.4.386_51948 or later and the Asus RT-AC86U should be running firmware version 3.0.0.4.386_51915 or later to be protected against attacks leveraging these vulnerabilities. If you regularly update your router (which you should), you may already be protected as Asus released a patch to address these three flaws back in May for the Asus AX56U_V2, in July for the Asus RT-AC86U and in early August for the Asus RT-AX55. For additional protection, you should also disable remote administration (WAN Web Access) on your Asus router as these flaws and others like it often target the web admin console on consumer devices.
 
Please update your ASUS router if you haven't already.


#1
Cool GTX
EVGA Forum Moderator
Re: These Asus routers are vulnerable to remote code execution flaws — update right now Friday, September 08, 2023 5:29 PM (permalink)
 
(excerpt)
"As reported by BleepingComputer, the Asus RT-AX55, Asus RT-AX56U_V2 and Asus RT-AC86U are vulnerable to being hijacked by hackers if the latest security updates aren’t installed."
 
 
Dang, the battle is never really over, firmware & software updates are a MUST to keep the hackers from having easy access

#2
B0baganoosh
CLASSIFIED Member
Re: These Asus routers are vulnerable to remote code execution flaws — update right now Friday, September 08, 2023 8:57 PM (permalink)
I have the RT-AC86U. I just logged into it to check the firmware and there's a "check" button, which responds that it has the latest version. I went on the ASUS website and the version I had was a beta version from 2 years ago with several new versions since then lol. It is up to date now. Just thought I'd add a note not to trust that self-check.

#3
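An added example, not part of any post in this thread and not ASUS code: because the router's own "check" button can report an outdated build as current, this compares a version string read from the admin page against the fixed builds quoted in the first post. It assumes the last numeric field is the build number and only compares builds within the same release branch; the inventory entries are constructed.

```python
import re

# Minimum fixed firmware per model, as quoted in the first post of this thread.
FIXED = {
    "RT-AX55": "3.0.0.4.386_51948",
    "RT-AX56U_V2": "3.0.0.4.386_51948",
    "RT-AC86U": "3.0.0.4.386_51915",
}

def parse_version(text):
    """Split '3.0.0.4.386_51948' or '3.0.0.4_386_51529' into (branch, build)."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:[._]\d+)+", text):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    parts = tuple(int(p) for p in re.split(r"[._]", text))
    return parts[:-1], parts[-1]  # assumption: last field is the build number

def assess(model, installed):
    """Return patched, vulnerable, manual-check, not-listed or unparseable."""
    key = model.strip().upper()
    if key not in FIXED:
        return "not-listed"  # thread gives no fixed build for this model
    try:
        branch, build = parse_version(installed)
    except ValueError:
        return "unparseable"
    fixed_branch, fixed_build = parse_version(FIXED[key])
    if branch != fixed_branch:
        # A different branch (e.g. a beta line) has its own build numbering,
        # so comparing numbers would be misleading; check the vendor page.
        return "manual-check"
    return "patched" if build >= fixed_build else "vulnerable"

def audit(inventory):
    """Assess every (model, installed_version) pair in an inventory list."""
    return [(m, v, assess(m, v)) for m, v in inventory]

if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = [
        ("RT-AX55", "3.0.0.4.386_50460"),
        ("RT-AC86U", "3.0.0.4_386_51529"),
        ("RT-AC86U", "9.0.0.4.386_41994"),  # constructed other-branch value
        ("RT-AX86U", "3.0.0.4.388_23285"),  # constructed, model not listed
    ]
    for model, version, status in audit(sample):
        print(f"{model:12} {version:20} {status}")
```
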
Cool GTX
EVGA Forum Moderator
Re: These Asus routers are vulnerable to remote code execution flaws — update right now Friday, September 08, 2023 10:25 PM (permalink)
B0baganoosh
I have the RT-AC86U. I just logged into it to check the firmware and there's a "check" button, which responds that it has the latest version. I went on the ASUS website and the version I had was a beta version from 2 years ago with several new versions since then lol. It is up to date now. Just thought I'd add a note not to trust that self-check.


Thanks for sharing to warn others, that is an important "bug" you found

#4
Nereus
Captain Goodvibes
Re: These Asus routers are vulnerable to remote code execution flaws — update right now Friday, September 08, 2023 10:55 PM (permalink)
 
Thanks for posting.. I have the RT-AX86U and a meshed RT-AC68U. Both very close to one of the impacted model numbers. Both have current firmware fortunately (checked ASUS website to be sure, thanks B0baganoosh).

#5