Owners of various Asus RT, GT, ZenWifi, and TUF routers should check for firmware updates as soon as possible. This week, the company released a security patch resolving nine vulnerabilities that could potentially result in denial of service or remote code execution attacks.
One of the most critical flaws addressed could cause memory corruption after an attacker sends a specifically tailored HTTP request. The update also resolves a critical vulnerability that security researchers have been tracking since 2018, which allows hackers to execute arbitrary code via an out-of-bounds write.
All of the other security issues are classified as high severity. One of these flaws facilitates man-in-the-middle attacks, enabling hackers to hijack user sessions, while another may leak sensitive information when a network request is sent by an attacker. Two vulnerabilities, which were discovered as recently as this month, could enable an unauthorized user to terminate service. Furthermore, this patch enhances credential protection and fortifies the security of over-the-air updates.
The situation impacts the following router models. Each link below leads to the corresponding manual firmware download on the Asus support site.
- GT-AXE11000 PRO
- ZenWiFi XT9
- ZenWiFi XT8
- ZenWiFi XT8_V2
- RT-AX86U PRO
To perform an auto-update, connect a computer to the router, then enter the router’s IP address into a web browser’s address bar to access the device’s web user interface. You can find the IP address using the Asus Device Discovery Utility.
Upon accessing the router’s web user interface, a notification will appear in the top right corner if a firmware update is available. Click the “Firmware Upgrade” button to download and install the patch, a process that should take a few minutes.
Alternatively, you can manually update the firmware. To do so, download and unzip the appropriate firmware from the Asus support site, then click the “Upload” button found next to the phrase “Manual firmware update” near the bottom of the firmware upgrade page. Once the file window opens, select the unzipped firmware file to begin the update.
Asus recommends resetting the router to factory settings after applying the patch. The company’s FAQ page contains further instructions.
Masthead credit: Dong Knows Tech