These Asus routers are vulnerable to remote code execution flaws — update right now

 Asus RT-AC86U
Asus RT-AC86U

Three critical remote code execution vulnerabilities have been identified and patched in several popular Wi-Fi routers from the Taiwanese hardware maker Asus.

As reported by BleepingComputer, the Asus RT-AX55, Asus RT-AX56U_V2 and Asus RT-AC86U are vulnerable to being hijacked by hackers if the latest security updates aren’t installed.

All three flaws, which have a critical severity CVSS v3.1 score of 9.8 out of 10.0, are format string vulnerabilities that hackers can remotely exploit without authentication. From here, they could remotely execute code on the devices, interrupt their service and perform other arbitrary operations.

The vulnerabilities, tracked as CVE-2023-39238, CVE-2023-39239 and CVE-2023-39240, were disclosed by Taiwan’s Computer Emergency Response Team (CERT) earlier today and impact the Asus RT-AX55, RT-AX56U_V2, and RT-AC86U running firmware versions,, and

Fortunately for owners of some of the best gaming routers from Asus, the company has already released firmware updates to patch these vulnerabilities.

How to update your Asus router

If you own one of the affected Asus routers, you’re going to need to apply the latest firmware updates ASAP since failure to do so can leave your router vulnerable to cyberattacks. There are several different ways to update your Asus router and you can do so using the company’s WebGUI, manually or with the Asus Router App.

The Asus RT-AX55 needs to be running firmware version or later, the Asus RT-AX56U_V2 requires firmware version or later and the Asus RT-AC86U should be running firmware version or later to be protected against attacks leveraging these vulnerabilities.

If you regularly update your router (which you should), you may already be protected as Asus released a patch to address these three flaws back in May for the Asus AX56U_V2, in July for the Asus RT-AC86U and in early August for the Asus RT-AX55.

For additional protection, you should also disable remote administration (WAN Web Access) on your Asus router as these flaws and others like it often target the web admin console on consumer devices.

More from Tom's Guide