Three critical-severity remote code execution vulnerabilities impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers, potentially allowing threat actors to hijack devices if security updates are not installed.
These three WiFi routers are popular high-end models within the consumer networking market, currently available on the ASUS website, favored by gamers and users with demanding performance needs.
The flaws, which all have a CVSS v3.1 score of 9.8 out of 10.0, are format string vulnerabilities that can be exploited remotely and without authentication, potentially allowing remote code execution, service interruptions, and performing arbitrary operations on the device…
The recommended solution is to apply the following firmware updates:
RT-AX55: 3.0.0.4.386_51948 or later
RT-AX56U_V2: 3.0.0.4.386_51948 or later
RT-AC86U: 3.0.0.4.386_51915 or later
ASUS released patches that address the three flaws in early August 2023 for RT-AX55, in May 2023 for AX56U_V2, and in July 2023 for RT-AC86U…Furthermore, as many consumer router flaws target the web admin console, it is strongly advised to turn off the remote administration (WAN Web Access) feature to prevent access from the internet.
|
There are isolated problems with current patches, but they are well-known and documented on this site. |
-
ASUS routers vulnerable to critical remote code execution flaws
- This topic has 4 replies, 3 voices, and was last updated 1 year, 8 months ago.
AuthorViewing 2 reply threadsAuthor-
it is strongly advised to turn off the remote administration
This should be the default for any router you own. The only access should be from your local network, never the internet.
cheers, Paul
1 user thanked author for this post.
-
-
In the Venn diagram of computing, convenience and security never overlap. Throw in any third attribute you like.
1 user thanked author for this post.
Viewing 2 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
184 MILLION Passwords on FBook, Google, MS & Netflix hacked/leaked
by 2 hours, 20 minutes ago
-
T-Mobile’s T-Life App has a “Screen Recording Tool” Turned on
by 2 hours, 35 minutes ago
-
Windows 11 Insider Preview Build 26100.4202 (24H2) released to Release Preview
by 5 hours, 22 minutes ago
-
Windows Update orchestration platform to update all software
by 9 hours, 54 minutes ago
-
May preview updates
by 11 hours, 33 minutes ago
-
Microsoft releases KB5061977 Windows 11 24H2, Server 2025 emergency out of band
by 22 minutes ago
-
Just got this pop-up page while browsing
by 2 hours, 6 minutes ago
-
KB5058379 / KB 5061768 Failures
by 3 hours, 33 minutes ago
-
Windows 10 23H2 Good to Update to ?
by 30 minutes ago
-
At last – installation of 24H2
by 1 day, 1 hour ago
-
MS-DEFCON 4: As good as it gets
by 6 hours, 17 minutes ago
-
RyTuneX optimize Windows 10/11 tool
by 1 day, 13 hours ago
-
Can I just update from Win11 22H2 to 23H2?
by 1 day, 6 hours ago
-
Limited account permission error related to Windows Update
by 2 days, 3 hours ago
-
Another test post
by 2 days, 3 hours ago
-
Connect to someone else computer
by 1 day, 21 hours ago
-
Limit on User names?
by 2 days ago
-
Choose the right apps for traveling
by 1 day, 14 hours ago
-
BitLocker rears its head
by 22 hours, 39 minutes ago
-
Who are you? (2025 edition)
by 21 hours, 36 minutes ago
-
AskWoody at the computer museum, round two
by 1 day, 17 hours ago
-
A smarter, simpler Firefox address bar
by 2 days, 13 hours ago
-
Woody
by 2 days, 22 hours ago
-
24H2 has suppressed my favoured spider
by 22 hours, 15 minutes ago
-
GeForce RTX 5060 in certain motherboards could experience blank screens
by 3 days, 13 hours ago
-
MS Office 365 Home on MAC
by 3 days, 6 hours ago
-
Google’s Veo3 video generator. Before you ask: yes, everything is AI here
by 4 days, 3 hours ago
-
Flash Drive Eject Error for Still In Use
by 22 hours ago
-
Windows 11 Insider Preview build 27863 released to Canary
by 4 days, 22 hours ago
-
Windows 11 Insider Preview build 26120.4161 (24H2) released to BETA
by 4 days, 22 hours ago
Remembering Woody
