These Asus routers are vulnerable to remote code execution flaws — update right now

Anthony Spadafora

5 September 2023 at 5:35 pm·2-min read

Three critical remote code execution vulnerabilities have been identified and patched in several popular Wi-Fi routers from the Taiwanese hardware maker Asus.

As reported by BleepingCompute r, the Asus RT-AX55, Asus RT-AX56U_V2 and Asus RT-AC86U are vulnerable to being hijacked by hackers if the latest security updates aren’t installed.

All three flaws, which have a critical severity CVSS v3.1 score of 9.8 out of 10.0, are format string vulnerabilities that hackers can remotely exploit without authentication. From here, they could remotely execute code on the devices, interrupt their service and perform other arbitrary operations.

The vulnerabilities, tracked as CVE-2023-39238, CVE-2023-39239 and CVE-2023-39240, were disclosed by Taiwan’s Computer Emergency Response Team (CERT) earlier today and impact the Asus RT-AX55, RT-AX56U_V2, and RT-AC86U running firmware versions 3.0.0.4.386_50460, 3.0.0.4.386_50460, and 3.0.0.4_386_51529.

Fortunately for owners of some of the best gaming routers from Asus, the company has already released firmware updates to patch these vulnerabilities.

How to update your Asus router

If you own one of the affected Asus routers, you’re going to need to apply the latest firmware updates ASAP since failure to do so can leave your router vulnerable to cyberattacks. There are several different ways to update your Asus router and you can do so using the company’s WebGUI, manually or with the Asus Router App.

The Asus RT-AX55 needs to be running firmware version 3.0.0.4.386_51948 or later, the Asus RT-AX56U_V2 requires firmware version 3.0.0.4.386_51948 or later and the Asus RT-AC86U should be running firmware version 3.0.0.4.386_51915 or later to be protected against attacks leveraging these vulnerabilities.

If you regularly update your router (which you should), you may already be protected as Asus released a patch to address these three flaws back in May for the Asus AX56U_V2, in July for the Asus RT-AC86U and in early August for the Asus RT-AX55.

For additional protection, you should also disable remote administration (WAN Web Access) on your Asus router as these flaws and others like it often target the web admin console on consumer devices.

More from Tom's Guide

Hello!
Elizabeth Hurley flaunts bombshell curves as she twins with close friend in string bikini
Elizabeth Hurley looked sensational when she slipped on a daring bikini alongside her close friend. See photo.
BBC
France's far right 'sad and disappointed' over election result
With the champagne on ice, they thought they were on the brink of victory - but it didn't happen.
Reuters
China anchors 'monster ship' in South China Sea, Philippine coast guard says
The Philippine Coast Guard (PCG) said on Saturday that China's largest coastguard vessel has anchored in Manila's exclusive economic zone (EEZ) in the South China Sea, and is meant to intimidate its smaller Asian neighbour. The China coastguard's 165-meter 'monster ship' entered Manila's 200-nautical mile EEZ on July 2, spokesperson for the PCG Jay Tarriela told a news forum. The PCG warned the Chinese vessel it was in the Philippine's EEZ and asked about their intentions, he said.
INSIDER
Kamala Harris won't save Democrats if she takes over for Biden, warns historian who correctly predicted 9 of the last 10 elections
Professor Allan Lichtman told WSJ that based on his election model, President Joe Biden remains the Democrats' best shot for the White House in 2024.
INSIDER
Open criticism of Hamas is building in Gaza as Israel's deadly offensive rages on: 'May God curse them'
Public criticism of Hamas, which took full control of Gaza in 2007, had been relatively rare before the Gaza war.
INSIDER
North Korean troops could be sent to Ukraine due to their sheer numbers, not their effectiveness, experts say
A report said North Korea may send troops to aid Russia in Ukraine. If true, it would be due to their numbers not effectiveness, experts told BI.
The Telegraph
Britain is about to discover just how dangerous Labour really is
The canapes and white wine will be packed away. The wooing of the business lobbyists will come to an end. The cosy dinners with Sir Keir Starmer and Sir Tony Blair for select donors will be consigned to the past, and there will be no more polite requests to sign public letters of support for its policies.
KameraOne
LOST AT WEE: Sailor missing after falling overboard while taking a pee
On June 26, a sailor aboard a tugboat in the Sea of Japan fell overboard while urinating off the side during rough seas. The 51-year-old crewman vanished from sight shortly after the incident, and his absence was noticed only upon the tug's arrival at a bay in Russia. Despite a nine-day search, he has not been found.
The Telegraph
China’s dirty and dangerous race to become a space superpower
It was supposed to be a moment of triumph for China’s space industry. The 180ft Long March 3B rocket stood on the launch pad, ready to carry an American-made satellite into orbit on its debut mission.
Moneywise
Warren Buffett said that he could end America's deficit problem 'in five minutes' — here's what he would do
The Oracle of Omaha has a simple solution.
The Telegraph
England defy football logic – it is not normal to play so poorly and keep winning
Some great teams have made their mark on the history of the European Championship. Regardless of whether they deliver the ultimate success from this point on, this England side will not be remembered as one of them.
The Telegraph
The US Marines’ China-fighting, island hopping Q Ship plan is in trouble
The US Marine Corps has a new island-hopping strategy for a possible war with China. But the strategy requires a new ship – an easy-to-hide medium landing ship that’s cheap enough for the US Navy to buy quickly and in large numbers.
The Telegraph
From late-night text to mother’s fury: How the Murray-Raducanu Wimbledon saga unfolded
A whole 11 minutes after news broke that Emma Raducanu had pulled out from her mixed doubles appearance with her son, Judy Murray could not hide her feelings any longer.
SETHLUI.COM
Serangoon Garden Bakery & Confectionary: 40-year-old bakery with nostalgic bakes from $1.10 at Serangoon
The post Serangoon Garden Bakery & Confectionary: 40-year-old bakery with nostalgic bakes from $1.10 at Serangoon appeared first on SETHLUI.com.
INSIDER
The folding wingtips on Boeing's massive new 777X are a first in commercial aviation. Here's why the plane needs them.
The never-before-seen technology has several advantages, but the idea stemmed from airport-gate space limitations and the 777X's huge wingspan.
The Independent
Tragedy on July 4 trip as teen dies after jumping into ‘electrified’ lake
Two of Hamric’s friends also sustained minor electric shocks when they jumped into the water to help him
Hello!
Princess Josephine rocks entire outfit from mother Queen Mary's stylish wardrobe
Princess Josephine of Denmark rocked an entire outfit from mother Queen Mary's stylish wardrobe during a state visit to Greenland with King Frederik and Prince Vincent
The Telegraph
Germany has been overwhelmed by migrants, says Toni Kroos
Toni Kroos said he believes Germany’s influx of migrants was “too uncontrolled” and that the country has changed considerably in the 10 years since he left.
The Guardian
‘It’s my routine’: Ivan Toney vows to stick with no-look penalty at Euros
Ivan Toney has said he will carry on with his ’no-look’ penalties at Euro 2024 after scoring his spot-kick against Switzerland
People
Khloé Kardashian Wears Jaw-Dropping Cutout Dress for Star-Studded White Party on Fourth of July
The reality star attended the high-profile event alongside other A-listers

How to update your Asus router

More from Tom's Guide

Latest stories