Some ASUS routers need a firmware update applied as soon as possible, as it contains important security fixes.
ASUS published a security advisory urging owners to upgrade to a new firmware release that fixes a raft of vulnerabilities, as Bleeping Computer spotted.
The new firmware fixes nine security holes, some of them severe, such as CVE-2022-26376, which is a memory corruption vulnerability, and CVE-2018-1160. The latter is an out-of-bounds write flaw in Netatalk that can be leveraged to carry out arbitrary code execution.
How do you know if your ASUS router is affected? As you might expect, the company has provided a list of routers that are hit by these vulnerabilities, and they are as follows: GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.
ASUS has made a handy list of the download links for the new firmware for all those affected models, which you can find at the end of the mentioned security advisory.
If you're not in a position to update the firmware for one of these routers yet, ASUS strongly advises that you should:
"Disable services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger."
Now that these exploits are public knowledge, the urgency to patch is, of course, all the more pressing.
In its advisory, ASUS also offers some extra advice for tighter security in general, including not reusing the same password for your Wi-Fi network and admin login, and enabling its AiProtection feature (provided that your router supports it, naturally).