Asus warns users to install update for major router security flaws immediately

Asus has released updated router firmware containing fixes for nine security flaws, including high- and critical-severity ones in several router product ranges.

The company urges customers to update their devices as soon as possible or restrict WAN access until their equipment is secure.

“Please note, if you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions,” said Asus.

“These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.”

“We strongly encourage you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected,” it added.

The vulnerabilities impact the following ASUS router models:

• GT6;
• GT-AXE16000;
• GT-AX11000 PRO;
• GT-AX6000;
• GT-AX11000;
• GS-AX5400;
• GS-AX3000;
• XT9;
• XT8;
• XT8 V2;
• RT-AX86U PRO;
• RT-AX86U;
• RT-AX86S;
• RT-AX82U;
• RT-AX58U;
• RT-AX3000;
• TUF-AX6000; and,
• TUF-AX5400.

ASUS has warned customers with impacted routers to update them as soon as possible through one of its various channels, including the ASUS support website, each router’s product page, or via links provided in its advisory.

It also advises that customers create distinct passwords — comprising at least eight characters, including capitalised letters, numbers, and symbols — for their wireless network and router administration portals.

Now read: Zero-day flaw in popular file transfer software posted to Twitter