Asus released a critical firmware update for 19 of its wireless routers that fixes nine serious security flaws as well as 17 other vulnerabilities.
As Bleeping Computer reports, this is a firmware update owners of Asus routers shouldn't ignore. Of the nine security flaws it fixes, at least two are critical bugs that could allow an attacker to execute code or trigger a DDoS attack.
The full list of security fixes contained in this firmware update is:
Fixed CVE-2023-28702, CVE-2023-28703, CVE-2023-31195, CVE-2022-46871, CVE-2022-38105, CVE-2022-35401, CVE-2018-1160, CVE-2022-38393, CVE-2022-26376
Fixed DoS vulnerabilities in firewall configuration pages.
Fixed DoS vulnerabilities in httpd.
Fixed information disclosure vulnerability.
Fixed null pointer dereference vulnerabilities.
Fixed the cfg server vulnerability.
Fixed the vulnerability in the log message function.
Fixed Client DOM Stored XSS
Fixed HTTP response splitting vulnerability
Fixed status page HTML vulnerability.
Fixed HTTP response splitting vulnerability.
Fixed Samba related vulnerabilities.
Fixed Open redirect vulnerability.
Fixed token authentication security issues.
Fixed security issues on the status page.
Enabled and supported ECDSA certificates for Let's Encrypt.
Enhanced protection for credentials.
Enhanced protection for OTA firmware updates.
The vulnerable routers requiring the update include the GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, ZenWiFi XT9,