Security News > 2023 > June > ASUS urges customers to patch critical router vulnerabilities
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.
As the company explains, the newly released firmware contains fixes for nine security flaws, including high and critical ones.
The first is a critical memory corruption weakness in the Asuswrt firmware for Asus routers that could let attackers trigger denial-of-services states or gain code execution.
"Please note, if you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger," ASUS warned in a security advisory published today.
ASUS warned users of impacted routers to update them to the latest firmware as soon as possible, available via the support website, each product's page, or via links provided in today's advisory.
In Mach 2022, ASUS warned of Cyclops Blink malware attacks targeting multiple ASUS router models to gain persistence and use them for remote access into compromised networks.
News URL
Related news
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers (source)
- Rsync vulnerabilities allow remote code execution on servers, patch quickly! (source)
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical vulnerabilities remain unresolved due to prioritization gaps (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- Asus lets processor security fix slip out early, AMD confirms patch in progress (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)