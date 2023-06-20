Asus advised consumers on Monday that nine security flaws in its routers allowed for remote code execution, denial-of-service attacks, and authentication bypasses. The computer hardware company distributed firmware updates the same day to address the vulnerabilities. CVE-2018-1160, one of the vulnerabilities, has a high severity rating and has exposed routers to code execution attacks for the past five years.

The Asus firmware updates address both CVE-2018-1160 and CVE-2022-26376, a memory corruption bug that impacted the httpd unescape functionality of Asuswrt up to version 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen up to version 386.7. The WiFi router models with these vulnerabilities are the Asus GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400. Asus strongly advises its customers to update their routers with the new firmware immediately. The company also noted disabling the router’s services from the WAN side would prevent undesired invasions.

