Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in ASUS' Router Products
Alerts

Critical Vulnerabilities in ASUS' Router Products

6 September 2023

ASUS has released security updates to address three critical remote code execution vulnerabilities (CVE-2023-39238, CVE-2023-39239, CVE-2023-39240) in some router products. The vulnerabilities have a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10. 

Successful exploitation of the vulnerabilities could allow an attacker to execute arbitrary code by sending specially crafted inputs to the vulnerable products.

The vulnerabilities affect the following products and firmware versions:

  • RT-AX55: 3.0.0.4.386_50460

  • RT-AX56U_V2: 3.0.0.4.386_50460

  • RT-AC86U: 3.0.0.4.386_51529


Users and administrators of affected products are advised to turn off the remote administration (WAN Web Access) feature to prevent access from the internet, and update their product's firmware immediately:

  • RT-AX55: 3.0.0.4.386_51948 or later

  • RT-AX56U_V2: 3.0.0.4.386_51948 or later

  • RT-AC86U: 3.0.0.4.386_51915 or later


More information is available here:


https://www.bleepingcomputer.com/news/security/asus-routers-vulnerable-to-critical-remote-code-execution-flaws/

Back to top