ASUS is releasing a firmware update for selected routers. Our most recent firmware update contains enhanced security protections against unauthorized access, alteration, disclosure of data, malware, phishing and DDoS attacks.

We strongly encourage you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected against unwanted intrusion. As a user of an ASUS router, we advise taking the following actions:

1. Update your router to the latest firmware. We strongly recommend that you do so as soon as new firmware is released. You will find the latest firmware available for download from the ASUS support page at https://www.asus.com/support/ or the appropriate product page at https://www.asus.com/Networking/. ASUS has provided a link to new firmware for selected routers at the end of this notice.
2. Set up separate passwords for your wireless network and router-administration page. Use passwords with a length of at least eight characters, including a mix of capital letters, numbers and symbols. Do not use the same password for multiple devices or services.
3. Enable ASUS AiProtection, if your router supports this feature. Instructions on how to do this can be found in your router’s manual, or on the relevant ASUS support page, at https://www.asus.com/Networking/.

Please note that if you choose not to install this new firmware version then, to avoid any potential unwanted intrusion, we strongly recommend that you disable remote access from WAN or AiCloud, and reset your router to its default settings.

If you have already installed the latest firmware version, please disregard this notice.

Should you have any question or concerns, please contact ASUS via our Security Advisory reporting system: https://www.asus.com/securityadvisory/

For further help with router setup and an introduction to network security, please visit
https://www.asus.com/support/FAQ/1008000
https://www.asus.com/support/FAQ/1039292

ASUS is aware of the vulnerability listed below. We take your security seriously and are working diligently to provide a software update for the affected ZenFone models. Please update your ZenFone to the latest software version as soon as it becomes available. In the meantime, we highly recommended using ASUS Mobile Manager or installing another reliable third-party security app to further secure your devices.

Possible vulnerability:
ASUS Contact

• Private contacts’ user profiles (name, call log, settings) are liable to be accessed, added or deleted.
• Information of blacklist (blocked phone numbers) is liable to be accessed, added or deleted.

• Private message may be leaked.
• Any apps can send voice messages without user’s permission.

• No permissions required to unlock app

The following are some security precautions recommended for all users:
(1) Ensure your operating system and software up to date with the latest version, which you can find on the ASUS website (www.asus.com). Using the search tool located on the top right hand of the ASUS website, search for your device model, and then follow this path: Support > Driver & Utility > Driver & Tools > BIOS & Firmware. Here you can double check if the latest version is the same on your device or you can choose to download it in the event your device did not automatically update.
(2) Do not download any apps outside of Google Play.
(3) Uninstall all apps previously downloaded from non-Google Play sources.
(4) Install ASUS Mobile Manager or a reliable third-party security app to strengthen the security of your devices and applications.

Vulnerability: OpenVPN users are able to log in to the web UI with their password

Solution:
Please immediately update ASUS router's firmware
If a firmware update cannot be made the mitigations listed below should be applied, however it’s strongly advised the user updates the firmware at the earliest opportunity:
• Disable VPN (available on limited models)
• Change login ID & password again. The password should be at least 8 characters using a mix of letters, numbers and special symbols.

Affected Products
Model Firmware(Minimum Recommended Version)
BRT-AC828 3.0.0.4.380.7526
GT-AC5300 3.0.0.4.384.21045
RT-AC5300 3.0.0.4.384.20942
RT-AC88U 3.0.0.4.384.20942
RT-AC3200 3.0.0.4.382.50470
RT-AC3100 3.0.0.4.384.20942
RT-AC88U 3.0.0.4.382.50702
RT-AC88R 3.0.0.4.382.50702
RT-AC86U 3.0.0.4.384.21045
RT-AC2900 3.0.0.4.384.21045
RT-AC68U 3.0.0.4.384.20942
RT-AC68R 3.0.0.4.384.20942
RT-AC68P 3.0.0.4.384.20942
RT-AC68W 3.0.0.4.384.20942
RT-AC68UF 3.0.0.4.384.20942
RT-AC1900U 3.0.0.4.384.20942
RT-AC1900 3.0.0.4.384.20942
RT-AC56U 3.0.0.4.382.50624
RT-AC56S 3.0.0.4.382.50624
RT-AC66U_B1 3.0.0.4.384.20942
RT-AC1750_B1 3.0.0.4.384.20942
RT-AC66U 3.0.0.4.382.50470
RT-AC66R 3.0.0.4.382.50470
RT-AC66W 3.0.0.4.382.50470
RT-AC55UHP 3.0.0.4.382.50470
RT-AC55U 3.0.0.4.382.50470
RT-AC1200G 3.0.0.4.382.50624
RT-AC1200G+ 3.0.0.4.382.50624
RT-N800HP 3.0.0.4.382.50470
RT-N66U_C1 3.0.0.4.384.20942
RT-N66U 3.0.0.4.382.50470
RT-N18U 3.0.0.4.382.50470
Lyra 3.0.0.4.382.11600
Lyra mini 3.0.0.4.382.11600
Lyra Trio 3.0.0.4.382.20208
BlueCave 3.0.1.4.383.19267

ASUS is aware of the vulnerability listed below. We take your security seriously and are working diligently to provide a software update for the affected ZenFone/ZenPad models. Please update your ZenFone/ZenPad to the latest software version as soon as it becomes available. In the meantime, we highly recommended using ASUS Mobile Manager or installing another reliable third-party security app to further secure your devices.

Possible vulnerability:
• A malicious app can get a bug report.
• A malicious app can take a screenshot (with a screenshot animation).
• Arbitrary apps can be installed remotely over the internet and can also be uninstalled after being run.
• Commands can be executed as the system user.

The following are some security precautions recommended for all users:
(1) Ensure your operating system and software up to date with the latest version, which you can find on the ASUS website (www.asus.com). Using the search tool located on the top right hand of the ASUS website, search for your device model, and then follow this path: Support > Driver & Utility > Driver & Tools > BIOS & Firmware. Here you can double check if the latest version is the same on your device or you can choose to download it in the event your device did not automatically update.
(2) Do not download any apps outside of Google Play.
(3) Uninstall all apps previously downloaded from non-Google Play sources.
(4) Install ASUS Mobile Manager or a reliable third-party security app to strengthen the security of your devices and applications.

Talos Intelligence recently discovered that VPNFilter is targeting more makes and models than initial release, and the following ASUS routers may be potential targets:
RT-AC66U
RT-N10 (EOL)
RT-N10E (EOL)
RT-N10U (EOL)
RT-N56U (EOL)
RT-N66U

To help owners of these routers take necessary precautions, we compiled a security checklist:
(1) Reset the device to factory default: Hold the Reset button in the rear for at least five seconds until the power LED starts blinking.
(2) Update all devices to the latest firmware.
(3) Ensure default admin password had been changed to a more secure one.
(4) Disable Remote Management (disabled by default, can only be enabled via Advanced Settings).
(5) Enable the URL filter in the Advanced Settings -> Firewall. Set the Filter table type as Black List. Add the "photobucket" and "toknowall" in the URL filter list.

For any users with the EOL models listed above, we strongly advise upgrading to a router with AiProtection. A wide selection of ASUS and ROG routers offer AiProtection powered by Trend Micro™. Anytime a threat is detected, the connection between your device and the malicious server is blocked before any personal data is compromised. The list of malicious servers is constantly updated by syncing with the Trend Micro cloud database automatically, to ensure your network environment is secure around the clock.

Vulnerability: CVE-2018-5999, CVE-2018-6000

ASUS and ROG router products affected are shown in a list below.

This vulnerability bypasses any user/password changes made by the owner.
Possible changes to router settings:

• Port number changes
• VPN account & password changes
• DDNS changes
• The UI language has changed

Solution:
Please immediately update your ASUS and ROG router to the latest firmware available.
If a firmware update cannot be made the mitigations listed below should be applied, however it’s strongly advised the user updates the firmware at the earliest opportunity:

• Disable SSH / Telnet
• Disable VPN (available on limited models)
• Enable AiProtection (available on limited models)
• Change login ID & password again. The password should be at least 8 characters using a mix of letters, numbers and special symbols.

ASUS is working closely with chipset suppliers to resolve the vulnerability in the WPA2 security protocol, which affects some but not all ASUS products (check the list below). KRACK can exploit the vulnerability only under certain conditions highlighted in the previous update. Your network configuration is more secure when under these conditions:

(1) Routers and gateways working in their default mode (Router Mode) and AP Mode.
(2) Range extenders working in AP Mode.
(3) When Powerline adapters and switch products are used.

ASUS is working actively towards a solution, and will continue to post software updates. Find out more: https://www.asus.com/support/

Full list of routers unaffected by KRACK while in default mode:
GT-AC5300
RT-AC1200
RT-AC1200G
RT-AC1200G Plus
RT-AC1200HP
RT-AC1300HP
RT-AC1900
RT-AC1900P
RT-AC3100
RT-AC3200
RT-AC51U
RT-AC52U
RT-AC53
RT-AC5300
RT-AC53U
RT-AC54U
RT-AC55U
RT-AC55UHP
RT-AC56S
RT-AC56U
RT-AC58U
RT-AC66U
RT-AC66U B1
RT-AC66W
RT-AC68P
RT-AC68UF
RT-AC68W
RT-AC86U
RT-AC87U
RT-AC88U
RT-ACRH17
RT-ACRH13
RT-N10P V3
RT-N11P B1
RT-N12 D1
RT-N12 VP B1
RT-N12+
RT-N12+ B1
RT-N12E C1
RT-N12E_B1
RT-N12HP B1
RT-N14U
RT-N14UHP
RT-N16
RT-N18U
RT-N300 B1
RT-N56U
RT-N56U B1
RT-N65U
RT-N66U
RT-N66W
BRT-AC828
DSL-AC87VG
DSL-AC52U
DSL-AC55U
DSL-AC56U
DSL-AC68R
DSL-AC68U
DSL-N10_C1
DSL-N12E_C1
DSL-N12HP
DSL-N12U
DSL-N12U B1
DSL-N12U D1
DSL-N12U_C1
DSL-N14U
DSL-N14U B1
DSL-N16
DSL-N16U
DSL-N17U
DSL-N55U D1
DSL-N55U_C1
4G-AC68U
RT-AC65U
RT-AC85U

ASUS is aware of the recent WPA2 vulnerability issue. We take your security and privacy seriously and are currently working towards a full solution as quickly as possible. In the meantime, we want to help clarify the severity of the potential threat, and let our valued customers know the appropriate steps to take in order to avoid or lessen the threat of being compromised.

Your devices are only vulnerable if an attacker is in physical proximity to your wireless network and is able to gain access to it. This exploit cannot steal your banking information, passwords, or other data on a secured connection that utilizes proper end-to-end encryption. However, an attacker could capture and read this information on an unsecured connection via an exploited WiFi network. Depending on the network configuration, it is also possible for the attacker to redirect network traffic, send invalid data to devices or even inject malware into the network.

We are feverishly working with chipset suppliers to resolve this vulnerability and will release patched firmware for affected routers in the near future. Before this patched firmware is released, here are a few cautions all users should take:

(1) Avoid public Wi-Fi and Hotspots until the routers and your devices are updated. Use cellular network connections if possible.
(2) Only connect to secured services that you trust or have been verified. Web pages that use HTTPS or another secure connection will include HTTPS in the URL. If the connection is secured using TLS 1.2 your activities with that service is safe for now.
(3) Keep your operating system and antivirus software up-to-date. Microsoft recently updated Windows to fix this exploit on their latest operating systems. Google and Apple are following suit shortly.
(4) When in doubt, be safe and use your cellular network or a wired connection (Ethernet) to access the internet. This exploit only affects 802.11 traffic between a Wi-Fi router and a connected device on an exploited WiFi connection.

• Aamir Usman Khan
• Khun Myat
• Ko Ko Naing
• Mustafa Diaa ( @c0braBaghdad1 )
• Nyi Htet Aung
• Pranshu Tiwari
• Tarun Mahour
• Wai Yan Aung
• Tao Sauvage, IOActive, Senior Security Consultant

• Priyanshu Gupta
• Wai Yan Aung
• Talib Osmani
• Javier Aguinaga
• Chaoyi Lu
• Resecurity International

• Salman Sajid Khan
• Tijo Davis
• Roy Solberg
• CodeBreaker of STARLabs

• Mustafa Kemal Can
• Jesus Arturo Espinoza Soto
• Wai Yan Aung
• JAIMEivanM mendoza ribera
• Suraj Gourkar
• Sabeer Bijapur

• Hamza Mandil
• bharat
• Mustafa Khan
• AbdelRhman Adel
• Mohammed Adam
• Thejus Krishnan

• Numan ÖZDEMİR
• Hazem Osama
• Pyae Phyoe Thu
• Hein Thant Zin
• Ram Makwana
• Wai Yan Aung

• Himanshu Rahi
• Ashik S N
• Dhiyaneshwaran
• Wai Yan Aung
• Pratik Raut
• CYBERNETIV DIGITAL
• Duda, Przemyslaw

• Ruikai Liu
• Fakhri Zulkifli
• Matthew Cundari
• Deepanshu Tyagi
• Mayank
• Baiqing Lyu (吕柏庆)

• El-Staifi
• Wai Yan Aung
• Bill Ben Haim
• Sumit Sahoo
• Lakshay Gupta
• tty0

• Rick Ramgattie
• Nishant Saurav
• Mohammed Adel
• Wai Yan Aung
• Pethuraj M

• Lawrence Amer
• Alban Cenaj
• Wai Yan Aung

• Yeasir Arafat
• Anil Tom
• Sara Badran

• Yonghui Han of Fortinet's FortiGuard Labs
• Dmitriy Alekseev
• Fish Getachew
• Nathu Nandwani
• Nicodemo Gawronski & Ana Maria Popescu @amiutza
• Diego Juarez from Core Security Technologies for Elevation of Privilege vulnerability in Asus Aura Sync.
• Mohamed A. Baset of Seekurity.com SAS de C.V.

• Emad Abou Shanab
• Konduru Jashwanth
• Nikhil Srivastava
• Dan Nino I. Fabro.
• Kunal Bahl

• HaoTian Xiang
• Niv Levi
• Chris Wood
• Vasim Shaikh (India)
• Wen Bin Kong
• Florian Kunushevci
• Pritesh Mistry
• Ismail Tasdelen

• Dipak Prajapati
• Vasim Shaikh (India)
• Akaash M. Sharma
• Kushal Sharma
• Adesh Nandkishor Kolte
• Chirag Gupta
• Osanda Malith Jayathissa (@OsandaMalith)
• Chacko K Abraham
• Suvadip Kar
• Ankit Singh Nikhil Sahoo and Ipsita Subhadarshan Sahoo
• Yassine Nafiai
• Guy Arazi

• Blazej Adamczyk
• Joaquim Espinhara
• Beyond Security’s SecuriTeam Secure Disclosure program
• David Maciejak of Fortinet's FortiGuard Labs

• Ketankumar Godhani
• Ankit Singh
• Junaid Farhan

• Daniel Diez
• Sankalpa Nirmana
• Vyshnav Vizz

• Samet Şahin
• Ranjeet Jaiswal

• Yoko
• Sreedeep Ck Alavil

• Cool Alfaiz
• Manav Infosec
• Mohammad Abdullah

• Cool Alfaiz

• CDL

• Kishan Kumar

• Yunus Yildirim
• Muhammad Hammad
• Chris

• Steave Afters
• Jhack