How ASUS disappointed its fans: three unacceptable mistakes in router security

Carding

Update your firmware or your data is in trouble.

Three critical remote code execution vulnerabilities were found in popular ASUS router models: RT-AX55, RT-AX56U_V2, and RT-AC86U. The defects will allow potential attackers to gain full control over devices if the user does not install the latest updates.

These models are very popular in the technology market and are considered among the best. They are often chosen by gamers and customers with high performance requirements.

The identified vulnerabilities have a high risk rating — 9.8 out of 10 on the CVSS version 3.1 scale. The flaws are format string bugs, and no authentication is required to exploit them. Such flaws arise when a program uses input as a format string without checking or filtering it first.

Attackers exploit them by sending specially crafted input to the unprotected endpoints; in these ASUS routers, the affected code lies in certain functions of the administrative API.
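To make the bug class concrete, here is an added example (not ASUS code, and not from the original post) showing the pattern behind a format string flaw in a C request handler: the hardened form passes the untrusted parameter as an argument to a literal format string, while the vulnerable form (shown only in a comment) would hand the parameter itself to the formatting routine. The function names `contains_format_directive` and `log_param_safe` are hypothetical; the detector is the kind of check a defender might run over request logs.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example of a handler that records a caller-supplied API
 * parameter. Names are hypothetical and not taken from ASUS firmware. */

/* Returns 1 if the input contains a conversion directive (a '%' that is
 * not a literal "%%"). Useful for logging or alerting on suspicious
 * parameters, independent of whether the handler itself is safe. */
int contains_format_directive(const char *s) {
    for (; *s; s++) {
        if (*s == '%') {
            if (s[1] == '%') { s++; continue; } /* "%%" is a literal percent */
            return 1;
        }
    }
    return 0;
}

/* Hardened form: the format string is a compile-time literal and the
 * untrusted value is printed verbatim through "%s".
 *
 * Vulnerable form (never do this):
 *     snprintf(out, n, input);
 * Here `input` becomes the format string, so any "%x", "%s" or "%n" it
 * contains is interpreted by snprintf instead of being written as text. */
int log_param_safe(char *out, size_t n, const char *input) {
    return snprintf(out, n, "param=%s", input);
}
```

With the hardened form, an input such as `%x%x` ends up in the log buffer as the literal text `param=%x%x`; the detector still flags it, which is what you want for monitoring.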

Defects reported by Taiwan's CERT:
  • CVE-2023-39238: Incorrect format string validation in the iperf-related API module 'ser_iperf3_svr.cgi'.
  • CVE-2023-39239: Incorrect format string validation in the General Settings API.
  • CVE-2023-39240: Incorrect format string validation in another iperf-related API module, 'ser_iperf3_cli.cgi'.
Experts recommend that you install the following firmware updates or later versions as soon as possible:
  • RT-AX55: 3.0.0.4.386_51948
  • RT-AX56U_V2: 3.0.0.4.386_51948
  • RT-AC86U: 3.0.0.4.386_51915
ASUS released a patch that addresses all three issues in early August 2023 for the RT-AX55, in May for the AX56U_V2, and in July for the RT-AC86U.
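Since the advice is "install these versions or later", the practical check is whether an installed firmware string is at least the patched one. The following is an added example (not from the original post or from ASUS) that parses ASUS-style version strings such as `3.0.0.4.386_51948` into numeric fields and compares them against the minimums listed above. The function names `parse_version`, `firmware_is_patched` and `check_model` and the inventory lines in `main` are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FIELDS 8

/* Parse "3.0.0.4.386_51948" into numeric fields 3,0,0,4,386,51948.
 * Both '.' and '_' separate fields. Returns the field count, or -1 if
 * the string is malformed (non-numeric piece or too many fields). */
static int parse_version(const char *s, long *fields) {
    int n = 0;
    const char *p = s;
    while (n < MAX_FIELDS) {
        char *end;
        long v = strtol(p, &end, 10);
        if (end == p) return -1;                 /* expected a number here */
        fields[n++] = v;
        if (*end == '\0') return n;
        if (*end != '.' && *end != '_') return -1;
        p = end + 1;
    }
    return -1;
}

/* Returns 1 if installed >= minimum, 0 if it is older, -1 if either
 * version string is malformed. Fields are compared left to right. */
int firmware_is_patched(const char *installed, const char *minimum) {
    long a[MAX_FIELDS], b[MAX_FIELDS];
    int na = parse_version(installed, a), nb = parse_version(minimum, b);
    if (na < 0 || nb < 0) return -1;
    int n = na < nb ? na : nb;
    for (int i = 0; i < n; i++)
        if (a[i] != b[i]) return a[i] > b[i] ? 1 : 0;
    return na >= nb ? 1 : 0;
}

/* Minimum patched versions, taken from the advisory text above. */
struct model_min { const char *model; const char *minimum; };
static const struct model_min PATCHED[] = {
    { "RT-AX55",     "3.0.0.4.386_51948" },
    { "RT-AX56U_V2", "3.0.0.4.386_51948" },
    { "RT-AC86U",    "3.0.0.4.386_51915" },
};

/* Look up the model's minimum and compare. Returns -2 for a model that is
 * not in the table, otherwise the result of firmware_is_patched(). */
int check_model(const char *model, const char *installed) {
    for (size_t i = 0; i < sizeof PATCHED / sizeof PATCHED[0]; i++)
        if (strcmp(PATCHED[i].model, model) == 0)
            return firmware_is_patched(installed, PATCHED[i].minimum);
    return -2;
}

int main(void) {
    /* Constructed inventory: model and currently installed version. */
    const char *inv[][2] = {
        { "RT-AX55",  "3.0.0.4.386_51947" },
        { "RT-AC86U", "3.0.0.4.386_51915" },
    };
    for (size_t i = 0; i < sizeof inv / sizeof inv[0]; i++) {
        int r = check_model(inv[i][0], inv[i][1]);
        printf("%s %s -> %s\n", inv[i][0], inv[i][1],
               r == 1 ? "patched" : r == 0 ? "UPDATE NEEDED" : "unknown/malformed");
    }
    return 0;
}
```

Comparing field by field rather than as strings matters here: a later build on a newer branch (for example a `388_` release) is correctly treated as newer than the `386_51948` minimum even though a plain string comparison would not tell you that reliably.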

In addition, since many vulnerabilities in consumer routers target the web management console, users are strongly advised to disable the remote administration feature (WAN Web Access) to prevent unauthorized access from the Internet.