Security News > 2023 > June > ASUS urges customers to patch critical router vulnerabilities
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.
As the company explains, the newly released firmware contains fixes for nine security flaws, including high and critical ones.
The first is a critical memory corruption weakness in the Asuswrt firmware for Asus routers that could let attackers trigger denial-of-services states or gain code execution.
"Please note, if you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger," ASUS warned in a security advisory published today.
ASUS warned users of impacted routers to update them to the latest firmware as soon as possible, available via the support website, each product's page, or via links provided in today's advisory.
In Mach 2022, ASUS warned of Cyclops Blink malware attacks targeting multiple ASUS router models to gain persistence and use them for remote access into compromised networks.
News URL
Related news
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Critical vulnerabilities persist in high-risk sectors (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- QNAP addresses critical flaws across NAS, router software (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)