ASUS Critical Router Vulnerabilities Let Attackers Execute Arbitrary Code

by Esmeralda McKenzie

ASUS recently released a security advisory in which several critical ASUS router vulnerabilities were fixed. The vulnerabilities were found to affect multiple ASUS routers and have been assigned CVEs.

The company has advised its users to upgrade to the latest firmware version to fix these router vulnerabilities.

CVE(s) of ASUS Critical Router Vulnerabilities:

ASUS has fixed around 9 CVEs, as reported in the security advisory. The most recent one was found to be CVE-2023-28702, and the oldest one was CVE-2018-1160.

| CVE | CVSS Score | CVSS Vector | Description |
|---|---|---|---|
| CVE-2023-28702 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Command injection due to unsanitized parameters in web URLs |
| CVE-2023-28703 | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Out-of-bounds write due to insufficient validation of network packet header |
| CVE-2023-31195 | N/A | N/A | Man-in-the-middle attack due to insecure cookie attribute |
| CVE-2022-46871 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Outdated library (libusrsctp) exploitation |
| CVE-2022-38105 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | Out-of-bounds read results in denial of service |
| CVE-2022-35401 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Authentication bypass due to expired key |
| CVE-2018-1160 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Out-of-bounds write in dsi_opensess.c in Netatalk results in arbitrary code execution |
| CVE-2022-38393 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | Out-of-bounds read results in denial of service |
| CVE-2022-26376 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Out-of-bounds write results in memory corruption |

Affected Products:

The list of routers affected by these CVE(s) includes:

  • GT6
  • GT-AXE16000
  • GT-AXE11000 PRO
  • GT-AXE11000
  • GT-AX6000
  • GT-AX11000
  • GS-AX5400
  • GS-AX3000
  • ZenWiFi XT9
  • ZenWiFi XT8
  • ZenWiFi XT8_V2
  • RT-AX86U PRO
  • RT-AX86U
  • RT-AX86S
  • RT-AX82U
  • RT-AX58U
  • RT-AX3000
  • TUF-AX6000
  • TUF-AX5400

ASUS has advised all of its users to patch their routers to protect against attackers.

If upgrading is not required or might affect your configurations, turning off the vulnerable services is recommended.

Source credit : cybersecuritynews.com
