Anyone with one of the following three ASUS router models should check for firmware updates, as they are vulnerable: ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U.
From the article:
The three vulnerabilities that were disclosed earlier today by the Taiwanese CERT are the following:
- CVE-2023-39238: Lack of proper verification of the input format string on the iperf-related API module ‘ser_iperf3_svr.cgi’.
- CVE-2023-39239: Lack of proper verification of the input format string in the API of the general setting function.
- CVE-2023-39240: Lack of proper verification of the input format string on the iperf-related API module ‘ser_iperf3_cli.cgi’.
The above issues impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U in firmware versions 188.8.131.52.386_50460, 184.108.40.206.386_50460, and 220.127.116.11_386_51529 respectively.
The recommended solution is to apply the following firmware updates:
- RT-AX55: 18.104.22.168.386_51948 or later
- RT-AX56U_V2: 22.214.171.124.386_51948 or later
- RT-AC86U: 126.96.36.199.386_51915 or later
ASUS released patches that address the three flaws in early August 2023 for RT-AX55, in May 2023 for AX56U_V2, and in July 2023 for RT-AC86U.