Asus advised consumers on Monday that nine security flaws in its routers allowed for remote code execution, denial-of-service attacks, and authentication bypasses. The computer hardware company distributed firmware updates the same day to address the vulnerabilities. CVE-2018-1160, one of the vulnerabilities, has a high severity rating and has exposed routers to code execution attacks for the past five years.

The Asus firmware updates address both CVE-2018-1160 and CVE-2022-26376, a memory corruption bug that impacted the httpd unescape functionality of Asuswrt up to version 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen up to version 386.7. The WiFi router models with these vulnerabilities are the Asus GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400. Asus strongly advises its customers to update their routers with the new firmware immediately. The company also noted disabling the router’s services from the WAN side would prevent undesired invasions.

Read More: