[Vulnerability Alert] Security Vulnerability in ASUS RT-AX55 Wireless Router (CVE-2023-39780) – Immediate Patch Recommended
publish date :
2025-06-10
update date :
2025-06-10
Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2025060901064141 | Publication Time | 2025/06/09 13:06 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/06/09 13:06 |
| Impact Level | Medium | ||
| [Subject] [Vulnerability Alert] Security Vulnerability in ASUS RT-AX55 Wireless Router (CVE-2023-39780) – Immediate Patch Recommended |
|||
| [Content] Forwarded from the National Institute of Cyber Security NISAC-200-202506-00000015 Researchers have recently identified ongoing attacks exploiting a known OS command injection vulnerability (CVE-2023-39780) in ASUS RT-AX55 wireless routers. This vulnerability allows remote attackers with basic privileges to inject arbitrary system commands into specific parameters and execute them on the device. The vulnerability has been actively exploited; prompt remediation is strongly advised. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] Firmware version 3.0.0.4.386.51598 of ASUS RT-AX55 |
|||
| [Recommended Actions] Update firmware to version 3.0.0.4.386_51948 or later. |
|||
| [Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2023-39780 2. https://nvd.nist.gov/vuln/detail/CVE-2023-41345 3. https://nvd.nist.gov/vuln/detail/CVE-2023-41346 4. https://nvd.nist.gov/vuln/detail/CVE-2023-41347 5. https://nvd.nist.gov/vuln/detail/CVE-2023-41348 6. https://www.asus.com/content/asus-product-security-advisory/ 7. https://ithome.com.tw/news/169322 |
|||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center