Top ASUS routers have serious security flaws that could let hackers hijack your device

malware
(Image credit: Elchinator from Pixabay)

Cybersecurity researchers discovered three major vulnerabilities in some high-end ASUS routers, which could be used to hijack endpoints, disrupt connectivity, and deploy malware and ransomware.

The routers in question are ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U - all high-end devices used by gamers and other individuals with high-performance demands. 

The vulnerabilities plaguing these devices are tracked as CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240. They carry scores between 9.8 and 10.0, and affect firmware versions 3.0.0.4.386_50460, 3.0.0.4.386_50460, and 3.0.0.4_386_51529 respectively.

Remote admin

In the meantime, ASUS has deployed a fix and urged its users to apply it immediately. Those using any of the three vulnerable routers should make sure they apply these firmware updates: 

RT-AX55: 3.0.0.4.386_51948 or later
RT-AX56U_V2: 3.0.0.4.386_51948 or later
RT-AC86U: 3.0.0.4.386_51915 or later

Also, users are advised to turn off the remote administration feature (WAN Web Access), as that’s how hackers usually target these devices.

ASUS has had a busy summer. In late June this year, the company was forced to push out a firmware update to address a number of high-severity flaws that were discovered. The firmware update addressed no fewer than nine CVEs, including three from 2023, five from 2022, and one dating back as far as 2018. A number of other vulnerabilities and issues were also fixed as part of the motion.

In a statement, the company noted that, “If you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions,” which includes remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.

The routers in question included: GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.

Via: BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
cables going into the back of a broadband router on white background
Netgear urges users to patch major router security issues now
China
Juniper patches security flaws which could have let hackers take over your router
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
An image of network security icons for a network encircling a digital blue earth.
Industrial networks exposed to attack by faulty Moxa devices
A VPN runs on a mobile phone placed on a laptop keyboard
Major new online tunneling vulnerability could put millions of devices at risk
China
Chinese hackers targeting Juniper Networks routers, so patch now
Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
Buzz Lightyear Space Ranger Spin Rennovations
Disney’s giving a classic Buzz Lightyear ride a tech overhaul – here's everything you need to know
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
Opera AI Tabs
Opera's new AI feature brings order to your browser tab chaos
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead