Fixes issued for critical Asus WiFi router bugs

Firmware updates have been issued by Asus to address nine security vulnerabilities impacting its WiFi router offerings, reports SecurityWeek. Attackers could exploit the most critical of the fixed flaws a memory corruption issue, tracked as CVE-2018-1160 to facilitate arbitrary code execution attacks, according to Asus, which noted that the bug stemmed from inadequate bounds checking on data controlled by the attacker. Another memory corruption vulnerability, tracked as CVE-2022-26376, was also resolved in the update. Users of vulnerable Asus WiFi routers have been urged to immediately apply the firmware updates, as well as perform periodic equipment and security procedure audits although the company has also given mitigations for those who cannot implement the latest firmware. "If you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger," said Asus.