If you own an Asus router, you should update the firmware to protect against critical vulnerabilities right now

Asus ROG Rapture GT-AX11000 router
(Image credit: Asus)

Asus is recommending users update the firmware on some of its most popular routers in order to address critical security vulnerabilities. The updates include fixes or mitigations for nine security vulnerabilities. 

According to Bleeping Computer, the CVE-2022-26376 and CVE-2018-1160 vulnerabilities are the most worrisome. The first is a memory corruption vulnerability that could let attackers launch DoS attacks or even execute code. It carries a critical 9.8/10 severity rating according to the NIST's National Vulnerability Database.  

The second is a five-year-old vulnerability with the same 9.8/10 critical rating. It too can allow an attacker to execute code. Both methods place the router at risk of becoming part of a botnet or used for all kinds of nefarious purposes.

The list of affected models follows: GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400. 

Virtual reality

(Image credit: Valve)

Best VR headset: which kit should you choose?
Best graphics card: you need serious GPU power for VR
Best gaming laptop: don't get tied to your desktop in VR

Asus clearly believes these are significant issues. "Please note, if you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger," Asus said on its Product Security Advisory webpage.

In other words, turn off your internet. Eek.

An unpatched router will be at risk of being turned into a botnet zombie, which can then be used to carry out a variety of scummy actions including Denial of Service attacks, password theft, or sending spam emails.

Asus routers have been targeted in the past. Last year its devices were vulnerable to the Cyclops Blink malware. Asus is not the only router manufacturer to have security issues, though. Pretty much every manufacturer faces them at some point. In 2020, the Fraunhofer Institute for Communication (FKIE) examined 127 home routers from several manufacturers, and all 127 had vulnerabilities.

Check for router updates regularly, folks! Its either that or ditch the internet altogether.

TOPICS
Chris Szewczyk
Hardware Writer

Chris' gaming experiences go back to the mid-nineties when he conned his parents into buying an 'educational PC' that was conveniently overpowered to play Doom and Tie Fighter. He developed a love of extreme overclocking that destroyed his savings despite the cheaper hardware on offer via his job at a PC store. To afford more LN2 he began moonlighting as a reviewer for VR-Zone before jumping the fence to work for MSI Australia. Since then, he's gone back to journalism, enthusiastically reviewing the latest and greatest components for PC & Tech Authority, PC Powerplay and currently Australian Personal Computer magazine and PC Gamer. Chris still puts far too many hours into Borderlands 3, always striving to become a more efficient killer.