Three popular ASUS routers have been discovered to have critical-severity vulnerabilities, as reported by BleepingComputer. The Taiwanese computer and electronics company ASUSTek Computer Inc. is one of the top suppliers of consumer Wi-Fi routers. While it’s not known whether this vulnerability has yet been exploited, it is categorized with a score of 9.8 out of 10 in the current Common Vulnerability Scoring System (CVSS). That makes it a significant threat.
The models affected by this vulnerability are:
- RT-AX55
- RT-AX56U_V2
- RT-AC86U
How this affects you
A router is the first line of defense against unwanted traffic coming in from the internet. It’s what separates your computers and network from the rest of the world. While routers designed for home use don’t have all the security capabilities of commercial-grade firewall routers, they do provide a little protection. The vulnerabilities recently discovered could allow an attacker to take administrative control of your router. This could potentially provide the attacker with easier access to computers on your network. They may also gain the ability to re-route your web requests to malicious sites or perform other harmful acts.
What you can do
If you own one of these models, I’d recommend you update the firmware as soon as possible. ASUS provides instructions to update your ASUS router firmware here. You can download the appropriate firmware for your specific router here:
- RT-AX55: 3.0.0.4.386_51948
- RT-AX56U_V2: 3.0.0.4.386_51948
- RT-AC86U : 3.0.0.4.386_51915
While these three specific models are identified here, vulnerabilities are frequently found in other routers from ASUS and other popular brands. Check your manufacturer’s website for firmware updates regularly.
If you’re using one of these, or any consumer-grade router for your business you might consider replacing it with a firewall. Firewalls are routers with more robust security features for intrusion detection and prevention. For your work-from-home employees a cloud-based firewall or SASE solution may be better suited.