Four Command Injection Vulnerabilities Found in ASUS RT-AX55 Routers

ASUS RT-AX55 Vulnerabilities
Image Credit: Asus

Security researchers have discovered four high-severity command injection vulnerabilities in the ASUS RT-AX55 router. These vulnerabilities can be exploited by remote attackers to execute arbitrary code on the router, interrupt its service, or perform other malicious actions.

The vulnerabilities are all related to the router’s token generation, update, confirmation, and verification features. These features are used to authenticate users and authorize them to access the router’s web interface and other functions.

An attacker can exploit these vulnerabilities by sending a specially crafted HTTP request to the router. The request will contain a malicious token that, when processed by the router, will cause it to execute arbitrary code.

Image Credit: Asus

Each member of this perilous quartet carries a CVSS v3.1 score of 8.8—indicating their high-severity status. The following are the four vulnerabilities that were disclosed by the Taiwanese CERT:

  • CVE-2023-41345: ASUS RT-AC86U router’s token generation function, associated with authentication, fails to filter out special parameters.
  • CVE-2023-41346: ASUS RT-AC86U router’s token update function, related to verification, has not been adequately secured against special parameter inputs.
  • CVE-2023-41347: ASUS RT-AC86U router’s token confirmation feature connected with verification also neglects to filter special parameters.
  • CVE-2023-41348: ASUS RT-AC86U router’s verification code confirmation functionality does not adequately filter for special parameters.

The vulnerabilities affect ASUS RT-AX55 running the firmware version 3.0.0.4.386.51598, and the key to turning this precarious situation around lies in a firmware update. ASUS, staying true to its commitment to security, has dispatched digital reinforcements in the form of patches within firmware updates, released in August 2023. Users are advised to update their firmware to version 3.0.0.4.386_51948 or later as soon as possible.