Asus router security flaws

New disclosures say three popular Asus routers have major security vulnerabilities which can let hackers hijack endpoints, disrupt connectivity, and install malware and ransomware.

RT-AX55
RT-AX56U_V2
RT-AC86U

The issues are designated CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240, which have very high severity scores, between 9.8 - 10.0. They affect router firmware versions 3.0.0.4.386_50460, 3.0.0.4.386_50460, and 3.0.0.4_386_51529, respectively.

If you use any of these routers, make sure its firmware is the latest update:
RT-AX55: 3.0.0.4.386_51948 or later
RT-AX56U_V2: 3.0.0.4.386_51948 or later
RT-AC86U: 3.0.0.4.386_51915 or later

Users are also being advised to turn off the remote administration feature (WAN Web Access) which hackers use to target these devices.

Severe security issues were previously identified in June'23 for these Asus routers:
GT6
GT-AXE16000
GT-AX11000 PRO
GT-AXE11000
GT-AX6000

GT-AX11000

GS-AX5400

GS-AX3000

XT9

XT8

XT8 V2

RT-AX86U PRO

RT-AX86U

RT-AX86S

RT-AX82U

RT-AX58U

RT-AX3000

TUF-AX6000
TUF-AX5400

So if you have any of these routers, make sure the firmware is up-to-date.

Router firmware updates are available at the Asus Download Center.