Security News > 2023 > June > ASUS urges customers to patch critical router vulnerabilities
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.
As the company explains, the newly released firmware contains fixes for nine security flaws, including high and critical ones.
The first is a critical memory corruption weakness in the Asuswrt firmware for Asus routers that could let attackers trigger denial-of-services states or gain code execution.
"Please note, if you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger," ASUS warned in a security advisory published today.
ASUS warned users of impacted routers to update them to the latest firmware as soon as possible, available via the support website, each product's page, or via links provided in today's advisory.
In Mach 2022, ASUS warned of Cyclops Blink malware attacks targeting multiple ASUS router models to gain persistence and use them for remote access into compromised networks.
News URL
Related news
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (source)
- PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) (source)
- TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service (source)