Asus, a popular manufacturer of wireless routers, has recently patched three critical vulnerabilities that could allow attackers to execute arbitrary code on the devices and compromise the network security. The flaws affect the Asus RT-AX55, RT-AX56U_V2, and RT-AC86U models and have a severity score of 9.8 out of 10.

The vulnerabilities were disclosed by the Taiwan National Computer Emergency Response Team (TWNCERT) on September 6, 2023. They are all related to format string errors in different API modules of the router firmware. A format string error occurs when a program does not properly validate the input strings that are used to format the output. This can lead to memory corruption, information leakage, or code execution.

The three vulnerabilities are:

These vulnerabilities are especially dangerous because they do not require authentication and can be exploited remotely over the internet or the local network. An attacker who gains control of the router can access all the devices connected to it, intercept or modify the network traffic, install malware, or launch further attacks.

Asus has released firmware updates for the affected routers that fix these issues. Users are strongly advised to update their routers as soon as possible to prevent potential attacks. The firmware versions that contain the patches are:

Users can download the firmware updates from the Asus website or use the built-in firmware upgrade feature in the router web interface. To enable automatic firmware updates, users can go to Administration > Firmware Upgrade and turn on the Auto Firmware Upgrade option.

Asus routers are not the only ones that have been affected by critical security flaws recently. A new zero-day vulnerability in the Log4j Java library, which is widely used by many web applications and servers, has been discovered and exploited by hackers. The vulnerability, tracked as CVE-2021-44228, allows remote code execution by sending a specially crafted string to a vulnerable application. Users are advised to update their Log4j library to version 2.15.0 or later or apply other mitigations as soon as possible.

Network security is essential for protecting personal data, online privacy, and digital assets from cyber threats. Users should always keep their devices updated with the latest security patches and use strong passwords and encryption to secure their network connections.