ASUS Routers are vulnerable to "Remote Code Execution"

Anyone with the following three, ASUS router models should check for firmware updates as they are vulnerable: ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U 

https://www.bleepingcomputer.com/news/security/asus-routers-vulnerable-to-critical-remote-code-execution-flaws/

From the article:

The flaws

The three vulnerabilities that were disclosed earlier today by the Taiwanese CERT are the following:

  1. CVE-2023-39238: Lack of proper verification of the input format string on the iperf-related API module ‘ser_iperf3_svr.cgi’.
  2. CVE-2023-39239: Lack of proper verification of the input format string in the API of the general setting function.
  3. CVE-2023-39240: Lack of proper verification of the input format string on the iperf-related API module ‘ser_iperf3_cli.cgi’.

The above issues impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U in firmware versions 3.0.0.4.386_50460, 3.0.0.4.386_50460, and 3.0.0.4_386_51529 respectively.

The recommended solution is to apply the following firmware updates:

ASUS released patches that address the three flaws in early August 2023 for RT-AX55, in May 2023 for AX56U_V2, and in July 2023 for RT-AC86U.

SA