Asus on julkaissut tiedotteen koskien useamman mallin haavoittuvuudesta jolle ei vielä ole virallista korjausta:
Multiple ASUS router models are vulnerable to the Russia-linked Cyclops Blink malware threat, causing the vendor to publish an advisory with mitigations for the security risk.
www.bleepingcomputer.com
Vulnerable ASUS devices
In an advisory released today, ASUS warns that the following router models and firmware versions are vulnerable to Cyclops Blink attacks:
- GT-AC5300 firmware under 3.0.0.4.386.xxxx
- GT-AC2900 firmware under 3.0.0.4.386.xxxx
- RT-AC5300 firmware under 3.0.0.4.386.xxxx
- RT-AC88U firmware under 3.0.0.4.386.xxxx
- RT-AC3100 firmware under 3.0.0.4.386.xxxx
- RT-AC86U firmware under 3.0.0.4.386.xxxx
- RT-AC68U, AC68R, AC68W, AC68P firmware under 3.0.0.4.386.xxxx
- RT-AC66U_B1 firmware under 3.0.0.4.386.xxxx
- RT-AC3200 firmware under 3.0.0.4.386.xxxx
- RT-AC2900 firmware under 3.0.0.4.386.xxxx
- RT-AC1900P, RT-AC1900P firmware under 3.0.0.4.386.xxxx
- RT-AC87U (EOL)
- RT-AC66U (EOL)
- RT-AC56U (EOL)
At this time, ASUS has not released new firmware updates to protect against Cyclops Blink but have released the following mitigations that can be used to secure devices:
- Reset the device to factory default: Login into the web GUI, go to Administration → Restore/Save/Upload Setting, click the "Initialize all the setting and clear all the data log," and then click Restore button."
- Update to the latest available firmware.
- Ensure the default admin password has been changed to a more secure one.
- Disable Remote Management (disabled by default, can only be enabled via Advanced Settings).
If you are using any of the three models designated as EOL (end of life), note that these are no longer supported and thus won't receive a firmware security update. In this case, you are recommended to replace your device with a new one.
Softatuen ulkopuolella olevia malleja ei siis enää suositella käytettäväksi.
Asus on muuttanut tuota tiedotetta 03/25/2022. Eli 386 muuttunut 384.
www.asus.com
Affected products
GT-AC5300 firmware = 3.0.0.4.384.xxxx or earlier version
GT-AC2900 firmware = 3.0.0.4.384.xxxx or earlier version
RT-AC5300 firmware = 3.0.0.4.384.xxxx or earlier version
RT-AC88U firmware = 3.0.0.4.384.xxxx or earlier version
RT-AC3100 firmware = 3.0.0.4.384.xxxx or earlier version
RT-AC86U firmware = 3.0.0.4.384.xxxx or earlier version.
RT-AC68U, AC68R, AC68W, AC68P firmware = 3.0.0.4.384.xxxx or earlier version
RT-AC66U_B1 firmware = 3.0.0.4.384.xxxx or earlier version
RT-AC3200. We advise users to reset the router and disable remote connection. New firmware will be released soon.
RT-AC2900 firmware = 3.0.0.4.384.xxxx or earlier version.
RT-AC1900P, RT-AC1900P = 3.0.0.4.384.xxxx or earlier version.
RT-AC87U (EOL)
RT-AC66U (EOL)
RT-AC56U (EOL)
Edit: Esim RT-AC68U laitteeseen on julkaistu versio "3.0.0.4.385.10000" 26.11.2019.