ASUS Urges Customers To Patch Critical Router Vulnerabilities - 20230622001¶
Overview¶
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.
What is the vulnerability?¶
CVE-2023-28702 - CVSS v3 Base Score: 8.8\ CVE-2023-28703 - CVSS v3 Base Score: 7.2\ CVE-2023-31195 - CVSS v3 Base Score: 5.3\ CVE-2022-46871 - CVSS v3 Base Score: 8.8\ CVE-2022-38105 - CVSS v3 Base Score: 7.5\ CVE-2022-35401 - CVSS v3 Base Score: 8.1\ CVE-2022-38393 - CVSS v3 Base Score: 7.5\ CVE-2022-26376 - CVSS v3 Base Score: 9.8\ CVE-2018-1160 - CVSS v3 Base Score: 9.8
What is vulnerable?¶
The vulnerability affects the following ASUS products:
- GT6
- GT-AXE16000
- GT-AXE11000 PRO
- GT-AXE11000
- GT-AX6000
- GT-AX11000
- GS-AX5400
- GS-AX3000
- ZenWiFi XT9
- ZenWiFi XT8
- ZenWiFi XT8_V2
- RT-AX86U PRO
- RT-AX86U
- RT-AX86S
- RT-AX82U
- RT-AX58U
- RT-AX3000
- TUF-AX6000
- TUF-AX5400
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices: ASUS Product Security Advisory