Router manufacturers Asus and Huawei have disclosed critical security vulnerabilities in several of their router models, issuing essential firmware updates to address these security gaps.
Nineteen models of Asus routers and one Huawei router model have been impacted, emphasizing the immediate need for users to update their router firmware.
Detailed Examination of Asus Security Issues
Certain Asus routers are affected by the vulnerabilities CVE-2022-26376 and CVE-2018-1160, both classified as critical, as reported by Bleeping Computer. The first could allow attackers to cause memory errors through specially crafted HTTP requests. The latter, a known vulnerability affecting the Netatalk file server, can enable attackers to execute arbitrary code. Asus has acknowledged these and other vulnerabilities, underlining the necessity for corrective action via a new firmware release. The updated firmware is now available for the Asus router models listed in the table below. This collective firmware update for these routers covers a wide range of vulnerability fixes and other changes, including:
- Multiple CVEs
- Denial of Service (DoS) vulnerabilities in firewall configuration pages and httpd
- Information disclosure vulnerability
- Null pointer dereference vulnerabilities
- Cfg server vulnerability
- Vulnerability in the logmessage function
- Client DOM Stored XSS
- HTTP response splitting vulnerability
- Status page HTML vulnerability
- Samba-related vulnerabilities
- Open redirect vulnerability
- Token authentication security issues
- Security issues on the status page
- Enabling and support for ECDSA certificates for Let's Encrypt
- Enhanced protection for credentials and OTA firmware updates
Asus's Advice for Users
Asus recommends that users unable to install the firmware updates should consider disabling certain services that can be accessed through the Wide Area Network (WAN). These services include WAN remote access, port forwarding, DDNS, VPN server, DMZ, and port triggers.
Huawei Router Vulnerability
A single Huawei router has been identified with a known vulnerability (CVE-2022-48469), according to heise online. Exploiting this vulnerability allows an attacker to hijack data packets during transmission.
Asus routers | Firmware |
---|---|
GT6 | Link |
GT-AXE16000 | Link |
GT-AXE11000 PRO | Link |
GT-AXE11000 | Link |
GT-AX6000 | Link |
GT-AX11000 | Link |
GS-AX5400 | Link |
GS-AX3000 | Link |
ZenWiFi XT9 | Link |
ZenWiFi XT8 | Link |
ZenWiFi XT8_V2 | Link |
RT-AX86U PRO | Link |
RT-AX86U | Link |
RT-AX86S | Link |
RT-AX82U | Link |
RT-AX58U | Link |
RT-AX3000 | Link |
TUF-AX6000 | Link |
TUF-AX5400 | Link |
Firmware Updates Required for Asus and Huawei Routers with Critical Security Vulnerabilities