All three flaws, which have a critical severity CVSS v3.1 score of 9.8 out of 10.0, are format string vulnerabilities that hackers can remotely exploit without authentication. By exploiting them, they could remotely execute code on the devices, interrupt their service and perform other arbitrary operations.
The vulnerabilities, tracked as CVE-2023-39238, CVE-2023-39239 and CVE-2023-39240, were disclosed by Taiwan’s Computer Emergency Response Team (CERT) earlier today and impact the Asus RT-AX55, RT-AX56U_V2, and RT-AC86U running firmware versions 220.127.116.11.386_50460, 18.104.22.168.386_50460, and 22.214.171.124_386_51529.
Fortunately for owners of some of the best gaming routers from Asus, the company has already released firmware updates to patch these vulnerabilities.
How to update your Asus router
If you own one of the affected Asus routers, you’re going to need to apply the latest firmware updates ASAP since failure to do so can leave your router vulnerable to cyberattacks. There are several different ways to update your Asus router and you can do so using the company’s WebGUI, manually or with the Asus Router App.
The Asus RT-AX55 needs to be running firmware version 126.96.36.199.386_51948 or later, the Asus RT-AX56U_V2 requires firmware version 188.8.131.52.386_51948 or later and the Asus RT-AC86U should be running firmware version 184.108.40.206.386_51915 or later to be protected against attacks leveraging these vulnerabilities.
If you regularly update your router (which you should), you may already be protected as Asus released a patch to address these three flaws back in May for the Asus RT-AX56U_V2, in July for the Asus RT-AC86U and in early August for the Asus RT-AX55.
For additional protection, you should also disable remote administration (WAN Web Access) on your Asus router as attacks exploiting these flaws and others like them often target the web admin console on consumer devices.
Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.