ASUS Critical Router Vulnerabilities Let Attackers Execute Arbitrary Code

ASUS has recently released a security advisory in which several ASUS critical router vulnerabilities have been fixed. The vulnerabilities were found to affect multiple ASUS routers with CVEs.

The company has recommended its users upgrade to the latest version of firmware to fix these router vulnerabilities.

CVE(s) of ASUS critical Router Vulnerabilities:

Read moreBuilding cyber skills and roles from CyBOK foundations

ASUS has fixed around 9 CVEs, as reported in the security advisory. The recent one was found to be CVE-2023-28702, and the oldest one was CVE-2018-1160. 

CVECVSS ScoreCVSS VectorDescriptionCVE-2023-287028.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCommand Injection due to unsanitized parameters in specific web URLsCVE-2023-287037.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HOut of Bounds Write due to insufficient validation of network packet headerCVE-2023-31195N/AN/AMan-In-the-Middle attack due to insecure Cookie attributeCVE-2022-468718.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HOutdated Library (libusrsctp) exploitationCVE-2022-381057.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NOut-of-bounds read leads to denial of serviceCVE-2022-354018.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HAuthentication bypass due to expired keyCVE-2018-11609.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOut of bounds write in dsi_opensess.c in Netatalk leads to arbitrary code executionCVE-2022-383937.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HOut-of-bounds read leads to denial of serviceCVE-2022-263769.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBounds writing leads to memory corruption

Affected Products:

Read moreAccessibility as a cyber security priority

The list of routers affected by these CVE(s) includes, 

GT6

Read moreNew interactive video - and related downloads - to help secondary school kids stay safe online

GT-AXE16000

GT-AXE11000 PRO

Read moreNigerian Cybercrime Ring's Phishing Tactics Exposed

GT-AXE11000

GT-AX6000

Read moreS3 Ep135: Sysadmin by day, extortionist by night

GT-AX11000

GS-AX5400

Read moreUS offers $10m bounty for Russian ransomware suspect outed in indictment

GS-AX3000

ZenWiFi XT9

Read moreBelkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched

ZenWiFi XT8

ZenWiFi XT8_V2

Read moreZut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France

RT-AX86U PRO

RT-AX86U

Read moreHeads Up CEO! Cyber Risk Influences Company Credit Ratings

RT-AX86S

RT-AX82U

Read moreCISA, NSA Issue New IAM Best Practice Guidelines

RT-AX58U

RT-AX3000

Read more6 Ways to Mitigate Risk While Expanding Access

TUF-AX6000

TUF-AX5400

Read moreHypervisors and Ransomware: Defending Attractive Targets

ASUS has recommended all of its users patch their routers to prevent attackers.

If upgrading is not required or might affect your configurations, turning off the vulnerable services is recommended.

Read moreNIST Launches Cybersecurity Initiative for Small Businesses

Looking For an All-in-One Multi-OS Patch Management Platform – Try Patch Manager Plus

The post ASUS Critical Router Vulnerabilities Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Read moreEducating Your Board of Directors on Cybersecurity

   Read More 

Cyber Security News 

Related Posts

Russia charges suspects behind theft of 160,000 credit cards

Russia charges suspects behind theft of 160,000 credit cards

Russia’s Prosecutor General’s Office has announced the indictment of six suspected “hacking group” members for using malware to steal credit card and payment information from foreign online stores. […]   Read More 

BleepingComputer 

New ‘Looney Tunables’ Linux bug gives root on major distros

New ‘Looney Tunables’ Linux bug gives root on major distros

A new Linux vulnerability known as ‘Looney Tunables’ enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library’s ld.so dynamic loader. […]   Read More 

BleepingComputer