Date: 2023-09-05

Three critical-severity remote code execution vulnerabilities have been discovered in ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers. If left unpatched, these vulnerabilities could enable threat actors to take control of the devices. The affected routers are popular high-end models widely used by gamers and individuals with high-performance networking needs.

The vulnerabilities, each rated 9.8 out of 10.0 on the CVSS v3.1 scale, are format string flaws that can be exploited remotely and without authentication. They can lead to remote code execution, service interruptions, and unauthorized actions on the device.

Format string flaws are security issues that arise when user input is used in the format string parameter of certain functions without being validated and sanitized. These flaws can result in various problems, including disclosing sensitive information and executing malicious code.
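The bug class described above, as an added C example (not ASUS firmware code and not part of the original article): a request value used as the format string, beside the corrected call and an allowlist check. All function names, the 64-byte limit and the "iperf target" message are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* All names below are hypothetical; this is not ASUS firmware code. */

/* BEFORE: the request value is used as the format string itself, so any
 * conversion specifier inside it is interpreted by snprintf(). */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security" /* only so the contrast compiles */
int log_param_vulnerable(char *out, size_t n, const char *value) {
    return snprintf(out, n, value);
}
#pragma GCC diagnostic pop

/* AFTER: constant format string; the value is only ever treated as data. */
int log_param_safe(char *out, size_t n, const char *value) {
    return snprintf(out, n, "%s", value);
}

/* Defence in depth: allowlist for a host-like parameter
 * (letters, digits, '.', '-', ':') with a bounded length. */
int param_is_valid(const char *value) {
    size_t len = strlen(value);
    if (len == 0 || len > 64) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)value[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':') return 0;
    }
    return 1;
}

/* Handler path: validate first, then format with a fixed format string.
 * Returns the number of bytes written, or -1 if the value is rejected. */
int handle_param(char *out, size_t n, const char *value) {
    if (!param_is_valid(value)) return -1;
    return snprintf(out, n, "iperf target: %s", value);
}

int main(void) {
    char buf[128];
    const char *constructed = "%x.%x.%x"; /* constructed sample input */
    log_param_safe(buf, sizeof buf, constructed);
    printf("safe:    %s\n", buf);
    printf("handler: %d\n", handle_param(buf, sizeof buf, constructed));
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` (and without the pragma) makes the compiler flag the call in `log_param_vulnerable`, which is a cheap way to find this pattern in a code base.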

To exploit these vulnerabilities, attackers would send specially crafted input to the affected devices, targeting specific administrative API functions on ASUS routers.

The three disclosed vulnerabilities are as follows:

– CVE-2023-39238: Lack of proper input format string verification in the ‘ser_iperf3_svr.cgi’ module related to iperf.

– CVE-2023-39239: Lack of proper input format string verification in the general setting function API.

– CVE-2023-39240: Lack of proper input format string verification in the ‘ser_iperf3_cli.cgi’ module related to iperf.

The affected firmware versions are 3.0.0.4.386_50460 for RT-AX55, 3.0.0.4.386_50460 for RT-AX56U_V2, and 3.0.0.4_386_51529 for RT-AC86U. ASUS released patches to address these vulnerabilities in August 2023 for RT-AX55, May 2023 for RT-AX56U_V2, and July 2023 for RT-AC86U.

Users who have not applied these security updates should consider their devices vulnerable and take immediate action to install the patches. Additionally, disabling the remote administration (WAN Web Access) feature is strongly advised to prevent unauthorized access from the internet.

