If you own an Asus router, you should update the firmware to protect against critical vulnerabilities right now

News
By
published

A public service announcement.

Asus ROG Rapture GT-AX11000 router
(Image credit: Asus)

Asus is recommending users update the firmware on some of its most popular routers in order to address critical security vulnerabilities. The updates include fixes or mitigations for nine security vulnerabilities. 

According to Bleeping Computer, the CVE-2022-26376 and CVE-2018-1160 vulnerabilities are the most worrisome. The first is a memory corruption vulnerability that could let attackers launch DoS attacks or even execute code. It carries a critical 9.8/10 severity rating according to the NIST's National Vulnerability Database.  

The second is a five-year-old vulnerability with the same 9.8/10 critical rating. It too can allow an attacker to execute code. Both methods place the router at risk of becoming part of a botnet or used for all kinds of nefarious purposes.

The list of affected models follows: GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400. 

Virtual reality

(Image credit: Valve)

Best VR headset: which kit should you choose?
Best graphics card: you need serious GPU power for VR
Best gaming laptop: don't get tied to your desktop in VR

Asus clearly believes these are significant issues. "Please note, if you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger," Asus said on its Product Security Advisory webpage.

In other words, turn off your internet. Eek.

An unpatched router will be at risk of being turned into a botnet zombie, which can then be used to carry out a variety of scummy actions including Denial of Service attacks, password theft, or sending spam emails.

Asus routers have been targeted in the past. Last year its devices were vulnerable to the Cyclops Blink malware. Asus is not the only router manufacturer to have security issues, though. Pretty much every manufacturer faces them at some point. In 2020, the Fraunhofer Institute for Communication (FKIE) examined 127 home routers from several manufacturers, and all 127 had vulnerabilities.

Check for router updates regularly, folks! Its either that or ditch the internet altogether.

TOPICS
Chris Szewczyk
Chris Szewczyk
Hardware Writer

Chris' gaming experiences go back to the mid-nineties when he conned his parents into buying an 'educational PC' that was conveniently overpowered to play Doom and Tie Fighter. He developed a love of extreme overclocking that destroyed his savings despite the cheaper hardware on offer via his job at a PC store. To afford more LN2 he began moonlighting as a reviewer for VR-Zone before jumping the fence to work for MSI Australia. Since then, he's gone back to journalism, enthusiastically reviewing the latest and greatest components for PC & Tech Authority, PC Powerplay and currently Australian Personal Computer magazine and PC Gamer. Chris still puts far too many hours into Borderlands 3, always striving to become a more efficient killer.

Read more
Netgear Nighthawk XR1000
Netgear says certain router owners should 'download the latest firmware as soon as possible' to patch a critical vulnerability
Pipboy holds up an open padlock.
A BIOS update could be all that's stopping you or someone else from jailbreaking your old AMD CPU
TP-Link AXE75 Wi-Fi 6E router
US congressman calls again for the government to ban Chinese-made TP-Link routers: 'I would not have that in my home'
Motherboard with Multiple Memory Slots for High Performance Computing
Researchers have found a way to hack the memory on some virtual machines using a Raspberry Pi
Mister Fantastic giving a thumbs up
A Marvel Rivals player has uncovered 'one of the most dangerous vulnerabilities a game can have' that'll let cheaters take over your PC and find your passwords
The PCIe slot on an Asus ROG Strix B850-F Gaming WiFi motherboard, showing the Q-release latch for GPUs.
Asus says its easy-peasy PCIe slot causes 'no damage that would affect functionality' following claims of excessive wear, but says it'll cover any damage
Latest in Networking
Netgear Nighthawk XR1000
Netgear says certain router owners should 'download the latest firmware as soon as possible' to patch a critical vulnerability
TP-Link AXE75 Wi-Fi 6E router
US congressman calls again for the government to ban Chinese-made TP-Link routers: 'I would not have that in my home'
An illustration of a silhouetted thief in motion running while carrying a stolen fingerprint. This could represent individuality, identity, privacy concerns, or a concept of personal data being in motion or at risk. The combination of the human form with the unique identifier of a fingerprint offers a visual metaphor for themes such as identity theft, digital security, or the trace we leave behind in a digital age. The overall aesthetic is bold and dynamic, fitting for topics of cybersecurity, personal identity, or discussions about the intersection of humanity and technology.
Hackers hijack over 16,000 TP-Link network devices, creating a big ol' botnet that's absolutely slamming Microsoft Azure accounts
Netgear Nighthawk RS300 Wi-Fi 7 router
Netgear Nighthawk RS300 review
TP-Link Archer GE800 router
US lawmakers believe TP-Link networking products come with an 'unusual degree of vulnerabilities' leaving them vulnerable to hackers
A racing car in F1 2022 game with a cartoon explosion overlayed on top
Today I learned F1 cars can have their engines disabled wirelessly via IP connection
Latest in News
Project C4 teaser still
It's another day of Disco Elysium-related announcements trying to kneecap each other: Studio ZA/UM has put out a teaser for its first new game since 2019, and it's not Disco Elysium 2
A goblin wizard, holding a dice, and a dice with a goblin wizard holding a dice placed within it.
If you've ever wanted to trap your D&D character in dice like a fly in amber, 3,700+ people are paying Hero Forge close to $400,000 in Kickstarter funds for the pleasure
The PCIe slot on an Asus ROG Strix B850-F Gaming WiFi motherboard, showing the Q-release latch for GPUs.
Gigabyte seemingly mocks Asus' recent Q-release debacle with a video swapping out an RTX 5070 Ti 100 times
Inzoi - A Zoi with blonde hair and blue eyes wears a cardigan and smiles in a gaming room
'I was recklessly brave to even think about creating a game of this scale': Inzoi director admits he now sees 'why so few companies have attempted to develop a life simulation game'
Manor Lords promo art - knight on horseback looking at a medieval village in the distance, viewed from behind
PCG's best city builder of 2024 is adding a map with a gigantic hill in the middle: the perfect spot for your next castle
A World of Warcraft dwarf and human character standing in front of the entrance to a delve dungeon
WoW's nerfed its poor Delve companion into a dwarf-shaped crater after his tank spec made them too easy, and people aren't happy
More about networking
Netgear Nighthawk XR1000

Netgear says certain router owners should 'download the latest firmware as soon as possible' to patch a critical vulnerability
TP-Link AXE75 Wi-Fi 6E router

US congressman calls again for the government to ban Chinese-made TP-Link routers: 'I would not have that in my home'
Project C4 teaser still

It's another day of Disco Elysium-related announcements trying to kneecap each other: Studio ZA/UM has put out a teaser for its first new game since 2019, and it's not Disco Elysium 2
See more latest
Most Popular
Project C4 teaser still
It's another day of Disco Elysium-related announcements trying to kneecap each other: Studio ZA/UM has put out a teaser for its first new game since 2019, and it's not Disco Elysium 2
A goblin wizard, holding a dice, and a dice with a goblin wizard holding a dice placed within it.
If you've ever wanted to trap your D&D character in dice like a fly in amber, 3,700+ people are paying Hero Forge close to $400,000 in Kickstarter funds for the pleasure
Inzoi - A Zoi with blonde hair and blue eyes wears a cardigan and smiles in a gaming room
'I was recklessly brave to even think about creating a game of this scale': Inzoi director admits he now sees 'why so few companies have attempted to develop a life simulation game'
Manor Lords promo art - knight on horseback looking at a medieval village in the distance, viewed from behind
PCG's best city builder of 2024 is adding a map with a gigantic hill in the middle: the perfect spot for your next castle
Xbox handheld
Microsoft is reportedly prepping a handheld Xbox for later this year with new consoles coming in 2027
A World of Warcraft dwarf and human character standing in front of the entrance to a delve dungeon
WoW's nerfed its poor Delve companion into a dwarf-shaped crater after his tank spec made them too easy, and people aren't happy
One of Repo's player characters, resembling a yellow pedal bin with googly eyes, encounters a skeletal, open mouthed face with glowing yellow eyes.
After REPO 'kinda blew up', its developer asks the community for advice on how to make matchmaking lobbies
Art of a woman smoking a cigarette on teal background wearing leather jacket, challenging the viewer.
After suing a Disco Elysium writer to prevent him from making his own game, a tech CEO who's allegedly banned from the Disco Elysium subreddit is trying to crowdfund a spiritual successor
Microsoft Windows 11
The latest Windows 11 dev build gives you the ability to snap together commonly paired apps for access in a single click, and I'm already sold
Inside
Limbo and Inside studio demands compensation from co-founder Dino Patti for alleged 'unauthorized use of Playdead's trademarks and copyrighted works'