Anyone with one of the following three ASUS router models should check for firmware updates, as they are vulnerable: ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U
https://www.bleepingcomputer.com/news/security/asus-routers-vulnerable-to-critical-remote-code-execution-flaws/
From the article:
The flaws
The three vulnerabilities that were disclosed earlier today by the Taiwanese CERT are the following:
- CVE-2023-39238: Lack of proper verification of the input format string on the iperf-related API module ‘ser_iperf3_svr.cgi’.
- CVE-2023-39239: Lack of proper verification of the input format string in the API of the general setting function.
- CVE-2023-39240: Lack of proper verification of the input format string on the iperf-related API module ‘ser_iperf3_cli.cgi’.
The above issues impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U in firmware versions 3.0.0.4.386_50460, 3.0.0.4.386_50460, and 3.0.0.4_386_51529 respectively.
The recommended solution is to apply the following firmware updates:
- RT-AX55: 3.0.0.4.386_51948 or later
- RT-AX56U_V2: 3.0.0.4.386_51948 or later
- RT-AC86U: 3.0.0.4.386_51915 or later
ASUS released patches that address the three flaws in early August 2023 for RT-AX55, in May 2023 for AX56U_V2, and in July 2023 for RT-AC86U.
SA
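Added example (not part of the original post or the quoted article): a Python check that compares an inventory of router firmware versions against the fixed versions listed above. The inventory rows are constructed, and comparing the version fields numerically from left to right is an assumption about ASUS version strings.

```python
import re

# Minimum fixed firmware per model, as listed in the quoted article.
FIXED = {
    "RT-AX55": "3.0.0.4.386_51948",
    "RT-AX56U_V2": "3.0.0.4.386_51948",
    "RT-AC86U": "3.0.0.4.386_51915",
}

def parse_version(text):
    """Turn a firmware string into a tuple of ints.

    Accepts '.' and '_' as separators, since the article writes one
    version as 3.0.0.4_386_51529. Assumption: fields compare numerically.
    """
    fields = re.split(r"[._]", text.strip())
    if len(fields) != 6 or not all(f.isdigit() for f in fields):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(f) for f in fields)

def check_device(model, installed):
    """Return 'ok', 'update', 'not-listed' or 'unparsed' for one device."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"  # model is not one of the three in the article
    try:
        current = parse_version(installed)
    except ValueError:
        return "unparsed"  # needs a manual look, do not assume it is fine
    return "ok" if current >= parse_version(fixed) else "update"

def audit(inventory):
    """Map each (name, model, version) row to its status."""
    return {name: check_device(model, ver) for name, model, ver in inventory}

# Constructed inventory for illustration; not real devices.
SAMPLE = [
    ("office-ap", "RT-AX55", "3.0.0.4.386_50460"),
    ("lab-gw", "RT-AC86U", "3.0.0.4_386_51529"),
    ("home-gw", "RT-AX56U_V2", "3.0.0.4.386_51948"),
    ("branch-gw", "rt-ac86u", "3.0.0.4.388_22525"),
    ("old-ap", "RT-N66U", "3.0.0.4.382_51641"),
    ("mystery", "RT-AX55", "unknown"),
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name:10} {status}")
```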