Overview

This week, ASUS issued a firmware update to address vulnerabilities across 19 of its wireless router models. The company advised customers to promptly update their devices or restrict WAN access until the necessary security measures are in place. The newly released firmware includes fixes for a total of nine security flaws, including both high and critical severity issues.  

Although there are a total of nine security flaws, two of them (CVE-2022-26376 and CVE-2018-1160) are critical and could allow an attacker to execute code or launch a DDoS attack. The first flaw, CVE-2022-26376, is a critical memory corruption flaw found in Asuswrt firmware for ASUS routers. The flaw could allow attackers to initiate denial-of-service conditions or gain privileges to execute code.

The second critical vulnerability, CVE-2018-1160, is an older flaw that has been present for nearly five years. It stems from an out-of-bounds write weakness in Netatalk. This vulnerability can be exploited to achieve arbitrary code execution on devices that have not been patched. The list of impacted devices for both vulnerabilities is as follows:  

  • GT6 
  • GT-AXE16000 
  • GT-AX11000 PRO 
  • GT-AX6000 
  • GT-AX11000 
  • GS-AX5400 
  • GS-AX3000 
  • XT9, XT8, and XT8 V2 
  • RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, and RT-AX3000 
  • TUF-AX6000 
  • TUF-AX5400

ASUS highly recommends that users update their routers to the latest firmware. If you choose not to install the new firmware version, ASUS recommends disabling services accessible from the WAN side to prevent unwanted intrusions. The services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, and port trigger.  

  

   

Avertium's Recommendations

  • Users with impacted routers should install the latest firmware. You may find the latest version on the ASUS support website or each product’s page.
  • ASUS also recommends the following:
    • Periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected. As a user of an ASUS router, we advise taking the following actions: 
  1. Update your router to the latest firmware. We strongly recommend that you do so as soon as new firmware is released. You will find the latest firmware available for download from the ASUS support page at https://www.asus.com/support/ or the appropriate product page at https://www.asus.com/Networking/. ASUS has provided a link to new firmware for selected routers at the end of this notice.
  2. Set up separate passwords for your wireless network and router-administration page. Use passwords with a length of at least eight characters, including a mix of capital letters, numbers and symbols. Do not use the same password for multiple devices or services. 
  3. Enable ASUS AiProtection, if your router supports this feature. Instructions on how to do this can be found in your router’s manual, or on the relevant ASUS support page, at https://www.asus.com/Networking/. 



 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2022-26376 and CVE-2018-1160. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.

 

 

How Avertium is Protecting Our Customers

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. 
  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.
  • Avertium offers Vulnerability Management (VM) to provide a deeper understanding and control over organizational information security risks. If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap.






 

SUPPORTING DOCUMENTATION

ASUS urges customers to patch critical router vulnerabilities (bleepingcomputer.com) 

ASUS Product Security Advisory | ASUS Global 

19 Asus Routers Need Their Firmware Updated Immediately (pcmag.com) 




