ASUS Gaming Routers Are Getting Gamed; Update Early, Update Often
It’s Only A 9.8 Out Of 10
If you are running an ASUS gaming router you should look for some updates, especially if you are running an ASUS RT-AX55, RT-AX56U_V2, or RT-AC86U. You can grab the appropriate firmware from the story at Bleeping Computer or from ASUS directly, but you really should move updating to the top of your list. The vulnerabilities are about as severe as they can get, as you could already have fallen victim without your knowledge.
The format string vulnerabilities which these three models suffer from can be triggered remotely, and without any need for authentication so no matter how good your password is. These vulnerabilities remove the need to use the password since the router doesn’t check those strings to see if they contain code. Attackers can therefore insert code into a normal API call and trick your ASUS gaming router into running that code and potentially taking over the router. Take a moment and check if you aren’t sure what your model is!
Format string flaws are security problems arising from unvalidated and/or unsanitized user input within the format string parameters of certain functions. They can lead to various issues, including information disclosure and code execution.
