If you own an Asus router and haven’t updated it recently, you may be at risk of remote attacks due to critical vulnerabilities. Today’s announcement reveals that three specific models—the Asus RT-AX55, RT-AX56U_V2, and RT-AC86U are susceptible to flaws (CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240) that affect the APIs handling administrative functions. These vulnerabilities, rated 9.8 out of 10 on the CVSS v3.0 scale, allow remote attackers to execute code, disrupt operations, and perform arbitrary actions by exploiting format string flaws. It’s crucial for users to update their firmware immediately to enhance security and protect against potential threats.
If you have one of the affected routers, here are the firmware versions you’ll want to update to:
- RT-AX55: 3.0.0.4.386_51948 or later
- RT-AX56U_V2: 3.0.0.4.386_51948 or later
- RT-AC86U: 3.0.0.4.386_51915 or later
These patches were all released this year, with the AX56U_V2 the first to get its updated firmware in May 2023, the RT-AC86U in July 2023, and the RT-AX55 in August 2023.
If your router’s affected, you’ll obviously want to check your firmware version right away. But after verifying (and updating, as needed), you should probably shut off remote access to your router, too. Since most people set up their router and then forget about it, you won’t need that feature, and you’ll stay better protected with it off. It’s just one of the core pieces of advice we tech journalists give about securing your home network properly.