Firmware updates have been issued by Asus to address nine security vulnerabilities impacting its WiFi router offerings, reports SecurityWeek.
Attackers could exploit the most critical of the fixed flaws a memory corruption issue, tracked as CVE-2018-1160 to facilitate arbitrary code execution attacks, according to Asus, which noted that the bug stemmed from inadequate bounds checking on data controlled by the attacker. Another memory corruption vulnerability, tracked as CVE-2022-26376, was also resolved in the update.
Users of vulnerable Asus WiFi routers have been urged to immediately apply the firmware updates, as well as perform periodic equipment and security procedure audits although the company has also given mitigations for those who cannot implement the latest firmware.
"If you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger," said Asus.
Related Terms
Anti-MalwareAntivirus SoftwareBring Your Own Device (BYOD)Ephemeral PortExtranetEndpoint SecurityFirmwareKeyloggerRegistryGet daily email updates
SC Media's daily must-read of the most current and pressing daily news