ASUS warns router customers: Patch now, or block all inbound requests
ASUS, a well-known maker of electronics products, has issued a warning to its router customers: update the firmware immediately or block all inbound requests. The company recently released firmware updates for a wide range of its home routers, along with a strong recommendation for users to disable certain services accessible from the Wide Area Network (WAN) side of their routers to avoid potential unwanted intrusions. These services include remote access, port forwarding, DDNS (Dynamic Domain Name System), VPN server, DMZ (Demilitarized Zone), and port trigger.
While ASUS expects potential attackers to start probing exposed devices with the release of the firmware updates, it also acknowledges that there may have been well-informed attackers who were already aware of some or all of these vulnerabilities. However, there have been no reports of zero-day exploits in the wild.
Long-awaited patches for critical vulnerabilities
Two of the vulnerabilities that have been patched in the firmware updates had been waiting to be addressed for a long time. These vulnerabilities had a 9.8/10 “danger score” and a CRITICAL rating in the US National Vulnerability Database (NVD).
- CVE-2022-26376: This vulnerability involved memory corruption in the httpd unescape functionality. An attacker could exploit this vulnerability by sending a specially-crafted HTTP request to trigger memory corruption.
- CVE-2018-1160: This vulnerability affected the Netatalk software component, which provides support for Apple-style networking. The lack of bounds checking on attacker-controlled data could allow a remote unauthenticated attacker to achieve arbitrary code execution.
Both of these vulnerabilities had the potential to be exploited from any operating system on any computer with a network connection, even if Apple software or a Macintosh computer was not used.
Other vulnerabilities patched
Aside from the critical vulnerabilities mentioned above, ASUS also patched several other vulnerabilities with high severity ratings:
- CVE-2022-35401: This vulnerability allowed full administrative access to the device through a specially-crafted HTTP request.
- CVE-2022-38105: This vulnerability could lead to information disclosure through specially-crafted network packets.
- CVE-2022-38393: This vulnerability could result in a denial-of-service (DoS) attack when a malicious network packet is sent.
- CVE-2022-46871: This vulnerability involved potentially exploitable bugs in the open-source libusrsctp library, which is used for the Stream Control Transmission Protocol (SCTP).
- CVE-2023-28702: This vulnerability allowed remote attackers with normal user privileges to perform command injection attacks and execute arbitrary system commands.
- CVE-2023-28703: This vulnerability involved buffer overflow and allowed a remote attacker with administrator privileges to execute arbitrary system commands.
- CVE-2023-31195: This vulnerability allowed session hijacking through the use of sensitive cookies without the Secure attribute set.
One notable vulnerability is CVE-2023-28702, which allows command injection attacks similar to the recently reported MOVEit bugs. This type of attack occurs when a command parameter sent in a web URL is blindly copied and pasted into a system-level command, allowing an attacker to execute arbitrary commands.
Another concerning vulnerability is CVE-2023-31195, which involves session hijacking through the use of insecure (non-HTTPS) connections. This vulnerability can allow an attacker to intercept and impersonate a user’s session.
Importance of prompt patching and secure practices
ASUS customers who own affected routers are strongly advised to patch their devices as soon as possible. The fact that ASUS took a long time to release the patches does not mean that users can delay applying them, especially now that the vulnerabilities are publicly known. If immediate patching is not possible, blocking all inbound access to the router is recommended until the update can be applied.
For developers and programmers, it is crucial to sanitize inputs to prevent command injection bugs and memory overflows. Additionally, timely patching of high-scoring vulnerabilities and careful review of HTTP headers to ensure the use of secure options when exchanging critical data, such as authentication tokens, are essential practices.
Conclusion
Internet security vulnerabilities can pose significant risks to individuals and organizations. Prompt patching and proactive measures to secure networks and devices are essential in minimizing these risks. Manufacturers and developers must prioritize timely release of patches to protect their customers and provide regular updates to address any potential vulnerabilities. Users should remain vigilant, keep their devices up-to-date, and follow security best practices to protect themselves from potential intrusions and attacks.
<< photo by Roman Synkevych >>
The image is for illustrative purposes only and does not depict the actual situation.
You might want to read !
- Securing the Digital Dish: Exploring SaaS Solutions for Global Food Chains
- Securing Tech Savvy Supply Chains: SaaS Solutions for Global Food Chains
- ASUS Takes Swift Action to Secure Router Models with Critical Security Bug Fixes
- Exploring the Security Concerns of Wago Controllers: Uncovering Vulnerabilities
- Exploring the Looming Threat: Unmasking the RDStealer Malware Targeting RDP Connections
- The Rise of Rorschach Ransomware: A Deep Dive into the Latest Cybersecurity Threat
- Zyxel’s Race Against Time: Urgent Security Updates for Critical NAS Device Vulnerability
- Rogue Android Apps Expose Pakistanis to Sophisticated Espionage Plot
- The Urgent Need for Asus WiFi Router Patching
