ASUS Firmware Fixes Router Security Holes

Asus has issued a firmware update for its routers to address nine vulnerabilities ranging from low to critical levels of danger. Users have been urged by the company to update their devices immediately or limit access to them from the external network.
Two of the nine vulnerabilities are considered critical, with the first being an ASUSWRT firmware error identified as CVE-2022-26376, which may lead to a refusal to maintain or execute an arbitrary code on a router. The second is an old vulnerability in Netatalk, previously known as CVE-2018-1160, which allows attackers to obtain control over the device.
“If you decide not to install a new version of the firmware, we strongly recommend turning off the services available from the external network to avoid potential undesirable intrusions. Such services include remote access from the WAN, redirecting ports, DDNS, VPN server, DMZ, Port trigger,” said ASUS in a message to customers.
ASUS advised users to periodically check their equipment and safety procedures to ensure the best protection. The firmware update applies to a range of router models, including GT6, GT-AXE16000, GT-AX111000 Pro, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-Ax86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.
The new firmware can be downloaded from the ASUS support site or using the links provided in the company’s report. ASUS also recommends creating unique passwords for wireless networks and router administration pages of at least eight characters, including uppercase and lowercase letters, numbers and special characters, and not using the same password for different devices or services.

/Reports, release notes, official announcements.