ASUS Releases Patches to Fix Critical Security Bugs Impacting Multiple Router Models
Taiwanese company ASUS on Monday released firmware updates to address, among other issues, nine security bugs impacting a wide range of router models.
Of the nine security flaws, two are rated Critical and six are rated High in severity.
Topping the list of fixes are CVE-2018-1160 and CVE-2022-26376, both of which are rated 9.8 out of a maximum of 10 on the CVSS scoring system.
CVE-2018-1160 concerns a nearly five-year-old out-of-bounds write bug in Netatalk versions before 3.1.12 that could allow a remote unauthenticated attacker to achieve arbitrary code execution.
ASUS is recommending that users apply the latest updates as soon as possible to mitigate security risks.
As a workaround, it's advising users to disable services accessible from the WAN side to avoid potential unwanted intrusions.
News URL
https://thehackernews.com/2023/06/asus-releases-patches-to-fix-critical.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK (CVSS) |
---|---|---|---|
2022-08-05 | CVE-2022-26376 | Out-of-bounds Write vulnerability in multiple products. A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7. | 9.8 |
2018-12-20 | CVE-2018-1160 | Out-of-bounds Write vulnerability in multiple products. Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. | 9.8 |