ASUS urges customers to patch critical router vulnerabilities [bleepingcomputer.com]:
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.
As the company explains, the newly released firmware contains fixes for nine security flaws, including high and critical ones.
The most severe of them are tracked as CVE-2022-26376 [nist.gov] and CVE-2018-1160 [nist.gov]. The first is a critical memory corruption weakness in the Asuswrt firmware for Asus routers that could let attackers trigger denial-of-service states or gain code execution.
The other critical patch is for an almost five-year-old CVE-2018-1160 bug caused by an out-of-bounds write Netatalk weakness that can also be exploited to gain arbitrary code execution on unpatched devices.
"Please note, if you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger," ASUS warned [asus.com] in a security advisory published today.
"We strongly encourage you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected."
The list of impacted devices includes the following models: GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.
Customers urged to patch immediately
ASUS warned users of impacted routers to update them to the latest firmware as soon as possible, available via the support website [asus.com], each product's page [asus.com], or via links provided in today's advisory [asus.com].
The company also recommends creating distinct passwords for the wireless network and router administration pages of at least eight characters (combining uppercase letters, numbers, and symbols) and avoiding using the same password for multiple devices or services.
The support website also provides detailed information on updating the firmware [asus.com] to the latest version and the measures users can take to make their routers more secure [asus.com].
ASUS' warning should be taken seriously, seeing that the company's products have been known to be targeted by botnets before.
For instance, in March 2022, ASUS warned of Cyclops Blink malware attacks [bleepingcomputer.com] targeting multiple ASUS router models to gain persistence and use them for remote access into compromised networks.
One month earlier, in February 2022, a joint security advisory from U.S. and U.K. cybersecurity agencies linked the Cyclops Blink botnet [bleepingcomputer.com] to the Russian military Sandworm threat group before disrupting it [bleepingcomputer.com] and preventing its use in attacks.
Zyxel security advisory for pre-authentication command injection vulnerability in NAS products [zyxel.com]:
CVE: CVE-2023-27992 [cve.org]
Summary
Zyxel has released patches addressing a pre-authentication command injection vulnerability in some NAS versions. Users are advised to install them for optimal protection.
What is the vulnerability?
The pre-authentication command injection vulnerability in some Zyxel NAS devices could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.
What versions are vulnerable—and what should you do?
After a thorough investigation, we have identified the vulnerable products that are within their vulnerability support period, with their firmware patches shown in the table below.
Affected model | Affected version              | Patch availability
NAS326         | V5.21(AAZF.13)C0 and earlier  | V5.21(AAZF.14)C0 [zyxel.com]
NAS540         | V5.21(AATB.10)C0 and earlier  | V5.21(AATB.11)C0 [zyxel.com]
NAS542         | V5.21(ABAG.10)C0 and earlier  | V5.21(ABAG.11)C0 [zyxel.com]
Got a question?
Please contact your local service rep or visit Zyxel’s Community [zyxel.com] for further information or assistance.
Acknowledgment
Thanks to Andrej Zaujec, NCSC-FI, and Maxim Suslov for reporting the issue to us.
Revision history
2023-6-20: Initial release.
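To turn the advisory's patch table into an inventory check, the following added example (not Zyxel's code) parses the V&lt;major&gt;.&lt;minor&gt;(&lt;branch&gt;.&lt;build&gt;)C&lt;rev&gt; firmware string, whose structure is assumed from the versions listed above, and flags any device whose model and branch match the table and whose version is at or below the "and earlier" boundary. The sample inventory, the NAS9999 model and the XXXX branch are constructed placeholders.

```python
import re
from typing import List, Optional, Tuple

# Transcribed from the Zyxel advisory for CVE-2023-27992:
# model -> (last affected version, i.e. "... and earlier", fixed version)
PATCH_TABLE = {
    "NAS326": ("V5.21(AAZF.13)C0", "V5.21(AAZF.14)C0"),
    "NAS540": ("V5.21(AATB.10)C0", "V5.21(AATB.11)C0"),
    "NAS542": ("V5.21(ABAG.10)C0", "V5.21(ABAG.11)C0"),
}

# Assumed layout of the version string: V<major>.<minor>(<branch>.<build>)C<rev>
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\(([A-Z]+)\.(\d+)\)C(\d+)$")


def parse_version(version: str) -> Optional[Tuple[int, int, str, int, int]]:
    """Split a Zyxel NAS firmware string into comparable fields; None if malformed."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, branch, build, rev = m.groups()
    return int(major), int(minor), branch, int(build), int(rev)


def is_vulnerable(model: str, version: str) -> Optional[bool]:
    """True if the device is at or below the last affected build for its model.

    None means the advisory table cannot decide (unlisted model, unparseable
    version, or a different firmware branch); treat None as "verify manually".
    """
    entry = PATCH_TABLE.get(model.strip().upper())
    installed = parse_version(version)
    last_bad = parse_version(entry[0]) if entry else None
    if installed is None or last_bad is None or installed[2] != last_bad[2]:
        return None

    def key(v):  # order by (major, minor, build, rev); "and earlier" means <=
        return (v[0], v[1], v[3], v[4])

    return key(installed) <= key(last_bad)


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Label each (model, version) pair for a patching work queue."""
    labels = {True: "VULNERABLE - apply patch", False: "patched",
              None: "unknown - verify manually"}
    return [(m, v, labels[is_vulnerable(m, v)]) for m, v in inventory]


if __name__ == "__main__":
    sample = [("NAS326", "V5.21(AAZF.13)C0"), ("NAS542", "V5.21(ABAG.11)C0"),
              ("NAS540", "V5.20(AATB.9)C0"), ("NAS9999", "V1.00(XXXX.1)C0")]
    for row in triage(sample):  # constructed inventory, not real devices
        print(*row)
```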