Security News > 2023 > June > ASUS Releases Patches to Fix Critical Security Bugs Impacting Multiple Router Models
Taiwanese company ASUS on Monday released firmware updates to address, among other issues, nine security bugs impacting a wide range of router models.
Of the nine security flaws, two are rated Critical and six are rated High in severity.
Topping the list of fixes are CVE-2018-1160 and CVE-2022-26376, both of which are rated 9.8 out of a maximum of 10 on the CVSS scoring system.
CVE-2018-1160 concerns a nearly five-year-old out-of-bounds write bug in Netatalk versions before 3.1.12 that could allow a remote unauthenticated attacker to achieve arbitrary code execution.
ASUS is recommending that users apply the latest updates as soon as possible to mitigate security risks.
As a workaround, it's advising users to disable services accessible from the WAN side to avoid potential unwanted intrusions.
News URL
https://thehackernews.com/2023/06/asus-releases-patches-to-fix-critical.html
Related news
- The ongoing evolution of the CIS Critical Security Controls (source)
- Asus lets processor security fix slip out early, AMD confirms patch in progress (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- Don't Overlook These 6 Critical Okta Security Configurations (source)
- Juniper patches critical auth bypass in Session Smart routers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-05 | CVE-2022-26376 | A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. | 9.8 |
| 2018-12-20 | CVE-2018-1160 | Out-of-bounds Write vulnerability in multiple products Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. | 9.8 |