ASUS Product Security Advisory
ASUS Product Security Advisory
We take every care to ensure that ASUS products are secure in order to protect the privacy of our valued customers. We constantly strive to improve our safeguards for security and personal information in accordance with all applicable laws and regulations, and we welcome all reports from our customers about product-related security or privacy issues. Any information you supply to ASUS will only be used to help resolve the security vulnerabilities or issues you have reported. This process may include contacting you for further relevant information.
How to report a security vulnerability or issue to ASUS
We welcome all reports about security-related issues incidents and privacy concerns, and we invite you to contact us about such matters via our dedicated email address at firstname.lastname@example.org. In order for us to deal swiftly with your concerns, please include the following information in your email:
- Your full name, and a means of contacting you. This can be an email address, a phone number or any other preferred way we can use to get in touch with you. If you provide a phone number, please include the full country code, area code and extension number (if applicable).
- Full and detailed information about the issue you wish to report. This should include the following information, as applicable:
- The name of the ASUS service(s) or system(s) that your concern relates to.
- The product type, product name and model number of the affected hardware products.
- The name, description and version number of any affected ASUS software products.
- A full and detailed description of the problem or issue, along with any background information that you believe is relevant, and any other pertinent information that may help us reproduce and/or resolve the issue.
Responsible reporting guidelines
ASUS appreciates all contributions from customers and the wider ASUS community that help to improve the security of our products and services. However, we kindly request that you act responsibly and bear in mind the following when investigating or reporting any issues:
- Do not attempt to access or modify any ASUS services, systems, products or software without authorization.
- Do not disclose, or modify, destroy or misuse any data you may discover.
- All information given to or received from any party relating to the reported issues must remain completely confidential.
What happens next?
Once we have resolved the reported issue(s), we will provide a suitable solution to all affected customers. We will treat this with the utmost priority and make the solution available as soon as it practical to do so.
ASUS will also maintain a list of the latest software updates, along with descriptions of the issues that have been fixed. Although we will notify customers wherever possible, we also recommend that customers visit this page regularly to make sure they are aware of the latest updates.
Latest security updates
10/18/2017 Security advisory for the vulnerabilities of WPA2 protocol
ASUS is aware of the recent WPA2 vulnerability issue. We take your security and privacy seriously and are currently working towards a full solution as quickly as possible. In the meantime, we want to help clarify the severity of the potential threat, and let our valued customers know the appropriate steps to take in order to avoid or lessen the threat of being compromised.
Your devices are only vulnerable if an attacker is in physical proximity to your wireless network and is able to gain access to it. This exploit cannot steal your banking information, passwords, or other data on a secured connection that utilizes proper end-to-end encryption. However, an attacker could capture and read this information on an unsecured connection via an exploited WiFi network. Depending on the network configuration, it is also possible for the attacker to redirect network traffic, send invalid data to devices or even inject malware into the network.
We are feverishly working with chipset suppliers to resolve this vulnerability and will release patched firmware for affected routers in the near future. Before this patched firmware is released, here are a few cautions all users should take:
(1) Avoid public Wi-Fi and Hotspots until the routers and your devices are updated. Use cellular network connections if possible.
(2) Only connect to secured services that you trust or have been verified. Web pages that use HTTPS or another secure connection will include HTTPS in the URL. If the connection is secured using TLS 1.2 your activities with that service is safe for now.
(3) Keep your operating system and antivirus software up-to-date. Microsoft recently updated Windows to fix this exploit on their latest operating systems. Google and Apple are following suit shortly.
(4) When in doubt, be safe and use your cellular network or a wired connection (Ethernet) to access the internet. This exploit only affects 802.11 traffic between a Wi-Fi router and a connected device on an exploited WiFi connection.
04/24/2017 New firmware available for Wireless Router RT-AC5300/ Wireless Router RT-AC3100
04/14/2017 New firmware available for Wireless Router RT-AC53
03/31/2017 New firmware available for Wireless Router RT-AC87U/ RT-AC87R/ RT-AC3200/ RT-AC68U/ RT-AC68R/ RT-AC68W/ RT-AC68P/ RT-AC1900P/ RT-AC66U/ RT-AC66R/ RT-AC1750/ RT-AC56U/ RT-AC56R/ RT-N66U/ RT-N66R/ RT-N66W/ RT-AC53U/ RT-AC51U/ RT-AC750/ RT-N300/ RT-N11P/ RT-N12+/ RT-N12+ Pro/ RT-N12E B1/
03/24/2017 New software available for Wireless Adapter PCE-AC56
12/23/2016 New firmware available for Wireless Router RT-AC5300 / RT-AC88U / RT-AC3100 / RT-AC3200 / RT-AC87U / RT-AC87R / RT-AC66U / RT-AC66W / RT-AC1750 / RT-AC55UHP / RT-AC55U / RT-AC52U / RT-N56U / RT-N12 D1
12/13/2016 New firmware available for Wireless Router RT-AC68U / RT-AC68R / RT-AC68W / RT-AC68UF / RT-AC68P / RT-AC1900P / RT-AC1900 / RT-AC66U_B1
10/29/2016 New firmware available for Repeater RP-N12 / RP-N14 / RP-N53 / RP-AC52/ RP-AC56/ Media Bridge EA-N66/ EA-N66R