Security News > 2023 > June > ASUS warns router customers: Patch now, or block all inbound requests

ASUS warns router customers: Patch now, or block all inbound requests
2023-06-20 18:14

Annoyingly for ASUS customers, perhaps, two of the now-patched vulnerabilities have been around waiting to be patched for a long time.

Why ASUS took so long to patch these particular bugs is not mentioned in the company's official advisory, but handling HTTP "Escape codes" is a fundamental part of any software that listens to and uses web URLs.

Set-Cookie: AccessToken=ASC4JWLSMGUMV6TGMUCQQJYL What to do? If you have an affected ASUS router, patch as soon as you can.

Just because ASUS left it for ages to get the patches to you doesn't mean that you can take as long as you like to apply them, especially now that the bugs involved are a matter of public record.

If you can't patch at once, block all inbound access to your router until you can apply the update.

ASUS explicitly warns that any incoming network requests could be abused, so even port forwarding and VPN access need to be blocked outright.


News URL

https://nakedsecurity.sophos.com/2023/06/20/asus-warns-router-customers-patch-now-or-block-all-inbound-requests/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Asus 438 1 80 104 35 220