Asus and Huawei, two well-known manufacturers of network devices, have recently pointed out critical security vulnerabilities in some of their router models. Both companies have released firmware updates to address these vulnerabilities. Users of these devices are urged to update their firmware as soon as possible.
Asus routers: numerous models affected
According to a report from Bleeping Computer, 19 router models from Asus are affected by the vulnerabilities. The CVE-2022-26376 and CVE-2018-1160 vulnerabilities are particularly highlighted as being critical. The first could allow an attacker to cause memory corruption through a specially crafted HTTP request. The second vulnerability, which has been known for some time, affects the Netatalk file server and could allow attackers to execute arbitrary code.
Asus has pointed out this and other vulnerabilities in a security advisory and provided new firmware to fix them. The list of gaps closed and bugs fixed with the cumulative updates is extensive and includes DoS vulnerabilities, information disclosure vulnerabilities and token authentication security issues, among others.
If for some reason users cannot or do not want to install the firmware updates, Asus recommends disabling the services accessible via WAN. These include WAN remote access, port forwarding, DDNS, VPN servers, DMZ and port triggers.
|Affected Asus routers||Firmware download|
Huawei router: one model affected
The CVE-2022-48469 vulnerability, which has been known since May and allows an attacker to hijack data packets in transit (traffic hijacking), affects only the B535-232a router model at Huawei. To address this vulnerability, Huawei has released an updated firmware version 188.8.131.52(H318SP6C983) for this specific model. According to a security announcement from the company, the update will be automatically applied to the affected devices.
The security of network devices is critical, as they are often the gateway to our digital lives. Users of Asus and Huawei routers should install the provided firmware updates as soon as possible to protect their devices from potential attacks. It is also always advisable to check for and install updates regularly to ensure device security.