Multiple Asus routers have been found vulnerable to security flaws and quite a few of them have been labelled “critical” with a Common Vulnerability Scoring System (CVSS) score of 9.8. Meanwhile, the rest of the vulnerabilities are also labelled as “high” severity with CVSS scores of 8.8.

The vulnerabilities were disclosed by the Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/CC) and there are eight of them in total. With the successful exploitation of these flaws, attackers can carry out command injection and remote code execution (RCE).

The full vulnerability list as well as the models of the routers, ie, RT-AC86U (AC2900) RT-AX56U (AX1800), and RT-AX55 (AX1800), are given below. These have been listed alongside the Taiwan vulnerability Note (TVN) IDs as well as the CVE (Common Vulnerabilities and Exposure) IDs:

• TVN-202309009 (ASUS RT-AX55, RT-AX56U_V2, RT-AC86U):
  • Format String – 3: CVE-2023-39240
• TVN-202309008 (ASUS RT-AX55, RT-AX56U_V2, RT-AC86U):
  • Format String – 2: CVE-2023-39239
• TVN-202309007 (ASUS RT-AX55, RT-AX56U_V2, RT-AC86U):
  • Format String – 1: CVE-2023-39238
• TVN-202309006 (ASUS RT-AC86U):
  • Command injection vulnerability – 5: CVE-2023-39237
• TVN-202309005 (ASUS RT-AC86U):
  • Command injection vulnerability – 4: CVE-2023-39236
• TVN-202309004 (​​​​​​​ASUS RT-AC86U):
  • Command injection vulnerability – 3: CVE-2023-38033
• TVN-202309003 (​​​​​​​ASUS RT-AC86U – ):
  • Command injection vulnerability – 2: CVE-2023-38032
• TVN-202309002 (ASUS RT-AC86U):