ASUS Critical Router Vulnerabilities Let Attackers Execute Arbitrary Code

ASUS has recently released a security advisory fixing several critical router vulnerabilities. The vulnerabilities, each tracked by a CVE, affect multiple ASUS router models.

The company has recommended its users upgrade to the latest version of firmware to fix these router vulnerabilities.

CVE(s) of ASUS critical Router Vulnerabilities:

ASUS has fixed around 9 CVEs, as reported in the security advisory. The most recent is CVE-2023-28702, and the oldest is CVE-2018-1160.

| CVE | CVSS Score | CVSS Vector | Description |
|---|---|---|---|
| CVE-2023-28702 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Command Injection due to unsanitized parameters in specific web URLs |
| CVE-2023-28703 | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Out of Bounds Write due to insufficient validation of network packet header |
| CVE-2023-31195 | N/A | N/A | Man-In-the-Middle attack due to insecure Cookie attribute |
| CVE-2022-46871 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Outdated Library (libusrsctp) exploitation |
| CVE-2022-38105 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | Out-of-bounds read leads to denial of service |
| CVE-2022-35401 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Authentication bypass due to expired key |
| CVE-2018-1160 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Out of bounds write in dsi_opensess.c in Netatalk leads to arbitrary code execution |
| CVE-2022-38393 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | Out-of-bounds read leads to denial of service |
| CVE-2022-26376 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Bounds writing leads to memory corruption |

Affected Products:

The routers affected by these CVE(s) include:

GT6

GT-AXE16000

GT-AXE11000 PRO

GT-AXE11000

GT-AX6000

GT-AX11000

GS-AX5400

GS-AX3000

ZenWiFi XT9

ZenWiFi XT8

ZenWiFi XT8_V2

RT-AX86U PRO

RT-AX86U

RT-AX86S

RT-AX82U

RT-AX58U

RT-AX3000

TUF-AX6000

TUF-AX5400

ASUS has recommended that all of its users patch their routers to keep attackers from exploiting these vulnerabilities.

If upgrading is not required or might affect your configurations, turning off the vulnerable services is recommended.


The post ASUS Critical Router Vulnerabilities Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.
