Security News > 2023 > June > ASUS Releases Patches to Fix Critical Security Bugs Impacting Multiple Router Models

ASUS Releases Patches to Fix Critical Security Bugs Impacting Multiple Router Models
2023-06-20 08:39

Taiwanese company ASUS on Monday released firmware updates to address, among other issues, nine security bugs impacting a wide range of router models.

Of the nine security flaws, two are rated Critical and six are rated High in severity.

Topping the list of fixes are CVE-2018-1160 and CVE-2022-26376, both of which are rated 9.8 out of a maximum of 10 on the CVSS scoring system.

CVE-2018-1160 concerns a nearly five-year-old out-of-bounds write bug in Netatalk versions before 3.1.12 that could allow a remote unauthenticated attacker to achieve arbitrary code execution.

ASUS is recommending that users apply the latest updates as soon as possible to mitigate security risks.

As a workaround, it's advising users to disable services accessible from the WAN side to avoid potential unwanted intrusions.


News URL

https://thehackernews.com/2023/06/asus-releases-patches-to-fix-critical.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-08-05 CVE-2022-26376 A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7..
network
low complexity
asus asuswrt-merlin
critical
9.8
2018-12-20 CVE-2018-1160 Out-of-bounds Write vulnerability in multiple products
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c.
network
low complexity
netatalk synology debian CWE-787
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Asus 438 1 80 104 35 220