Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in ASUS's Router Products
Alerts

Critical Vulnerabilities in ASUS's Router Products

21 June 2023

ASUS has released security updates to address two critical vulnerabilities (CVE-2022-26376 and CVE-2018-1160) in some router products. The vulnerabilities have a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

The vulnerabilities are:

• CVE-2022-26376: A memory corruption vulnerability that could allow an attacker to cause a denial-of-service (DoS) condition or execute code.

• CVE-2018-1160: An out-of-bounds write Netatalk vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code.

The vulnerabilities affect the following products:

• GT6

• GT-AXE16000

• GT-AX Models: GT-AX11000, GT-AX11000 PRO, GT-AX6000, GT-AX5400, GT-AX3000

• XT Models: XT8 (V1 and V2), XT9

• RT-AX Models: RT-AX58U, RT-AX82U, RT-AX86S, RT-AX86U, RT-AX86U PRO, RT-AX3000

• TUF-AX Models: TUF-AX5400, TUF-AX6000

Users and administrators of affected products are advised to update their product's firmware immediately.

More information is available here:

https://www.asus.com/content/asus-product-security-advisory/

https://nvd.nist.gov/vuln/detail/CVE-2018-1160

https://nvd.nist.gov/vuln/detail/CVE-2022-26376

https://www.bleepingcomputer.com/news/security/asus-urges-customers-to-patch-critical-router-vulnerabilities/

https://www.securityweek.com/asus-patches-highly-critical-wifi-router-flaws/

Back to top