These Asus routers are vulnerable to remote code execution flaws — update right now

News
By Anthony Spadafora
published

Three critical vulnerabilities could let hackers hijack your Asus router

Asus RT-AC86U
(Image credit: Asus)

Three critical remote code execution vulnerabilities have been identified and patched in several popular Wi-Fi routers from the Taiwanese hardware maker Asus.

As reported by BleepingComputer, the Asus RT-AX55, Asus RT-AX56U_V2 and Asus RT-AC86U are vulnerable to being hijacked by hackers if the latest security updates aren’t installed.

All three flaws, which have a critical severity CVSS v3.1 score of 9.8 out of 10.0, are format string vulnerabilities that hackers can remotely exploit without authentication. From here, they could remotely execute code on the devices, interrupt their service and perform other arbitrary operations.

The vulnerabilities, tracked as CVE-2023-39238, CVE-2023-39239 and CVE-2023-39240, were disclosed by Taiwan’s Computer Emergency Response Team (CERT) earlier today and impact the Asus RT-AX55, RT-AX56U_V2, and RT-AC86U running firmware versions 3.0.0.4.386_50460, 3.0.0.4.386_50460, and 3.0.0.4_386_51529.

Fortunately for owners of some of the best gaming routers from Asus, the company has already released firmware updates to patch these vulnerabilities.

How to update your Asus router

If you own one of the affected Asus routers, you’re going to need to apply the latest firmware updates ASAP since failure to do so can leave your router vulnerable to cyberattacks. There are several different ways to update your Asus router and you can do so using the company’s WebGUI, manually or with the Asus Router App

The Asus RT-AX55 needs to be running firmware version 3.0.0.4.386_51948 or later, the Asus RT-AX56U_V2 requires firmware version 3.0.0.4.386_51948 or later and the Asus RT-AC86U should be running firmware version 3.0.0.4.386_51915 or later to be protected against attacks leveraging these vulnerabilities.

If you regularly update your router (which you should), you may already be protected as Asus released a patch to address these three flaws back in May for the Asus AX56U_V2, in July for the Asus RT-AC86U and in early August for the Asus RT-AX55.

For additional protection, you should also disable remote administration (WAN Web Access) on your Asus router as these flaws and others like it often target the web admin console on consumer devices.

More from Tom's Guide

Anthony Spadafora
Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.