Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.
Meta

Submission Preview

Link to Story

ASUS Urges Customers to Patch Critical Router Vulnerabilities

Accepted submission by upstart at 2023-06-22 12:50:23
News

upstart [soylentnews.org] writes:

████ # This file was generated bot-o-matically! Edit at your own risk. ████

ASUS urges customers to patch critical router vulnerabilities [bleepingcomputer.com]:

ASUS urges customers to patch critical router vulnerabilities

ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.

As the company explains, the newly released firmware contains fixes for nine security flaws, including high and critical ones.

The most severe of them are tracked as CVE-2022-26376 [nist.gov] and CVE-2018-1160 [nist.gov]. The first is a critical memory corruption weakness in the Asuswrt firmware for Asus routers that could let attackers trigger denial-of-services states or gain code execution.

The other critical patch is for an almost five-year-old CVE-2018-1160 bug caused by an out-of-bounds write Netatalk weakness that can also be exploited to gain arbitrary code execution on unpatched devices.

"Please note, if you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger," ASUS warned [asus.com] in a security advisory published today.

"We strongly encourage you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected."

The list of impacted devices includes the following models: GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.

Customers urged to patch immediately

ASUS warned users of impacted routers to update them to the latest firmware as soon as possible, available via the support website [asus.com], each product's page [asus.com], or via links provided in today's advisory [asus.com].

The company also recommends creating distinct passwords for the wireless network and router administration pages of at least eight characters (combining uppercase letters, numbers, and symbols) and avoiding using the same password for multiple devices or services.

The support website also provides detailed information on updating the firmware [asus.com] to the latest version and the measures users can take to make their routers more secure [asus.com].

ASUS' warning should be taken seriously, seeing that the company's products have been known to be targeted by botnets before.

For instance, in Mach 2022, ASUS warned of Cyclops Blink malware attacks [bleepingcomputer.com] targeting multiple ASUS router models to gain persistence and use them for remote access into compromised networks.

One month earlier, in February 2022, a joint security advisory from U.S. and U.K. cybersecurity agencies linked the Cyclops Blink botnet [bleepingcomputer.com] to the Russian military Sandworm threat group before disrupting it [bleepingcomputer.com] and preventing its use in attacks.

openwrt-has-easier-updates dept.

Zyxel security advisory for pre-authentication command injection vulnerability in NAS products [zyxel.com]:

CVE:CVE-2023-27992 [cve.org] Summary

Zyxel has released patches addressing a pre-authentication command injection vulnerability in some NAS versions. Users are advised to install them for optimal protection.

What is the vulnerability?

The pre-authentication command injection vulnerability in some Zyxel NAS devices could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.

What versions are vulnerable—and what should you do?

After a thorough investigation, we have identified the vulnerable products that are within their vulnerability support period, with their firmware patches shown in the table below.

Affected modelAffected versionPatch availabilityNAS326V5.21(AAZF.13)C0 and earlierV5.21(AAZF.14)C0 [zyxel.com]NAS540V5.21(AATB.10)C0 and earlierV5.21(AATB.11)C0 [zyxel.com]NAS542V5.21(ABAG.10)C0 and earlierV5.21(ABAG.11)C0 [zyxel.com]Got a question?

Please contact your local service rep or visit Zyxel’s Community [zyxel.com] for further information or assistance.

Acknowledgment

Thanks to Andrej Zaujec, NCSC-FI, and Maxim Suslov for reporting the issue to us.

Revision history

2023-6-20: Initial release.

Original Submission