Asus is recommending that users update the firmware of some of its most popular routers to address critical security vulnerabilities. The update includes fixes or mitigations for nine security vulnerabilities.

According to Bleeping Computer, the vulnerabilities CVE-2022-26376 and CVE-2018-1160 are of most concern: the first is a memory corruption vulnerability that could allow an attacker to launch a DoS attack or execute code; the second is a NIST According to the National Vulnerability Database, it is critical with a severity of 9.8/10.

The second vulnerability is five years old and has the same 9.8/10 severity. It too could allow an attacker to execute code. Both methods risk the router becoming part of a botnet or being used for any malicious purpose.

The list of affected models is as follows: GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86 U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, TUF-AX5400.

Asus clearly believes these are critical issues. If you choose not to install this new firmware version, we strongly recommend that you disable any services accessible from the WAN side to avoid the possibility of unwanted intrusions. These services include remote access from the WAN, port forwarding, DDNS, VPN servers, DMZ, and port triggering," Asus states on its product security advisory web page.

In other words, turn off the Internet. Eh.

Unpatched routers are at risk of turning into botnet zombies, which can be used to carry out a variety of sneaky acts, including denial-of-service attacks, password theft, and sending spam emails.

Asus routers have been targeted in the past. Last year, its devices were vulnerable to the Cyclops Blink malware. However, Asus is not the only router manufacturer with security issues. Most manufacturers have faced security issues at some point; in 2020, the Fraunhofer Institute for Telecommunications Research (FKIE) examined 127 home routers from several manufacturers and found vulnerabilities in all 127.

Everyone should check their routers regularly for updates! Do so, or quit the Internet altogether.