ASUS Critical Router Vulnerabilities Let Attackers Execute Arbitrary Code
ASUS recently released a security advisory in which several critical ASUS router vulnerabilities were fixed. The vulnerabilities were found to affect several ASUS routers and have been assigned CVEs.
The company has advised its users to upgrade to the latest firmware version to fix these router vulnerabilities.
CVE(s) of ASUS Critical Router Vulnerabilities:
ASUS has fixed around 9 CVEs, as reported in the security advisory. The most recent one was found to be CVE-2023-28702, and the oldest one was CVE-2018-1160.
| CVE | CVSS Score | CVSS Vector | Description |
| --- | --- | --- | --- |
| CVE-2023-28702 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Command injection due to unsanitized parameters in specific web URLs |
| CVE-2023-28703 | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Out-of-bounds write due to insufficient validation of network packet header |
| CVE-2023-31195 | N/A | N/A | Man-in-the-middle attack due to insecure cookie attribute |
| CVE-2022-46871 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Outdated library (libusrsctp) exploitation |
| CVE-2022-38105 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | Out-of-bounds read results in denial of service |
| CVE-2022-35401 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Authentication bypass due to expired key |
| CVE-2018-1160 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Out-of-bounds write in dsi_opensess.c in Netatalk results in arbitrary code execution |
| CVE-2022-38393 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | Out-of-bounds read results in denial of service |
| CVE-2022-26376 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Out-of-bounds write results in memory corruption |
Affected Products:
The list of routers affected by these CVE(s) includes:
- GT6
- GT-AXE16000
- GT-AXE11000 PRO
- GT-AXE11000
- GT-AX6000
- GT-AX11000
- GS-AX5400
- GS-AX3000
- ZenWiFi XT9
- ZenWiFi XT8
- ZenWiFi XT8_V2
- RT-AX86U PRO
- RT-AX86U
- RT-AX86S
- RT-AX82U
- RT-AX58U
- RT-AX3000
- TUF-AX6000
- TUF-AX5400
ASUS has advised all of its users to patch their routers to prevent attacks.
If upgrading is not required or might affect your configurations, turning off the vulnerable services is recommended.
Source credit: cybersecuritynews.com