ASUS patches three routers vulnerable to remote code execution
ASUS has released patches for several critical flaws in three of its routers. These vulnerabilities enable remote code execution. This concerns the ASUS RT-AX55, RT-AX56U_V2 and RT-AC86U.
Each of the ASUS routers mentioned is affected by three different vulnerabilities. Taiwan’s national Computer Emergency Response Team recently reported this, Bleeping Computer noted.
The three vulnerabilities are tracked as CVE-2023-39238, CVE-2023-39239 and CVE-2023-39240. They all have a CVSS score of 9.8 out of 10. They are all format string vulnerabilities that can be exploited remotely and without authentication, which makes it possible to execute code on the routers remotely.
Patches are now available. Users are advised to install them as soon as possible. The AX55 received the patches in August. The AX56U_V2 received the update in May and the AC86U received the patches in July. Users can update the firmware via the router’s web interface, or download it manually from the ASUS website.
| Router | Vulnerable firmware | Firmware version with patches |
| --- | --- | --- |
| ASUS RT-AX55 | Firmware version 3.0.0.4.386_50460 | Firmware version 3.0.0.4.386_51948 or newer |
| ASUS RT-AX56U_V2 | Firmware version 3.0.0.4.386_50460 | Firmware version 3.0.0.4.386_51948 or newer |
| ASUS RT-AC86U | Firmware version 3.0.0.4_386_51529 | Firmware version 3.0.0.4.386_51915 or newer |
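
For anyone managing more than one of these routers, the table above can be turned into an inventory check. The script below is an added example, not code from ASUS or from the original article; the inventory rows, the status labels and the handling of a trailing `-<suffix>` build tag are assumptions made for illustration.

```python
import re

# Minimum patched firmware per model, taken from the table in this article.
PATCHED = {
    "RT-AX55": "3.0.0.4.386_51948",
    "RT-AX56U_V2": "3.0.0.4.386_51948",
    "RT-AC86U": "3.0.0.4.386_51915",
}

def parse_version(text):
    """Turn a firmware string into a tuple of ints for comparison.

    The article writes versions with both '.' and '_' separators, so both
    are accepted. Assumption: a trailing '-<suffix>' is a build tag and
    is ignored.
    """
    core = text.strip().split("-", 1)[0]
    parts = re.split(r"[._]", core)
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def check(model, version):
    """Return 'OK', 'UPDATE', 'NOT_LISTED' or 'UNPARSEABLE' for one device."""
    key = model.strip().upper()
    if key.startswith("ASUS "):
        key = key[5:]
    minimum = PATCHED.get(key)
    if minimum is None:
        return "NOT_LISTED"  # model is not one of the three in the article
    try:
        installed = parse_version(version)
    except ValueError:
        return "UNPARSEABLE"  # flag for manual review, never assume patched
    return "OK" if installed >= parse_version(minimum) else "UPDATE"

def audit(inventory):
    """Check every (host, model, version) row and append its status."""
    return [(h, m, v, check(m, v)) for h, m, v in inventory]

# Constructed sample inventory (documentation addresses, hypothetical devices).
SAMPLE = [
    ("192.0.2.1", "RT-AX55", "3.0.0.4.386_50460"),
    ("192.0.2.2", "ASUS RT-AC86U", "3.0.0.4_386_51529"),
    ("192.0.2.3", "RT-AX56U_V2", "3.0.0.4.386_51948"),
    ("192.0.2.4", "RT-AX55", "unknown"),
]

if __name__ == "__main__":
    for host, model, version, status in audit(SAMPLE):
        print(f"{host:<12} {model:<14} {version:<22} {status}")
```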