Security News > 2023 > June > ASUS urges customers to patch critical router vulnerabilities
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.
As the company explains, the newly released firmware contains fixes for nine security flaws, including high and critical ones.
The first is a critical memory corruption weakness in the Asuswrt firmware for Asus routers that could let attackers trigger denial-of-services states or gain code execution.
"Please note, if you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger," ASUS warned in a security advisory published today.
ASUS warned users of impacted routers to update them to the latest firmware as soon as possible, available via the support website, each product's page, or via links provided in today's advisory.
In Mach 2022, ASUS warned of Cyclops Blink malware attacks targeting multiple ASUS router models to gain persistence and use them for remote access into compromised networks.
News URL
Related news
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- DrayTek fixed critical flaws in over 700,000 exposed routers (source)
- Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)