ASUS has released firmware updates for ASUS RT-N66U (Ver.B1), RT-N66R and RT-N66W routers. Version 220.127.116.11.374.4422 brings several improvements, but it also addresses a total of five security issues.
ASUS has fixed a Light HTTPd vulnerability, an authentication bypass, and it has added notifications that help users avoid security risks.
A cross-site scripting (XSS) flaw, an FTP vulnerability and a security issue with Network Place (Samba) have also been addressed with version 18.104.22.168.374.4422 of the firmware.
In July 2013, security researcher Kyle Lovett discovered some vulnerabilities in various ASUS routers, including RT-N66U, RT-N66R. A Singaporean expert has also found some bugs in RT-N66U. However, since there aren’t any CVEs available, I haven’t been able to determine if these are among the security issues fixed by the latest firmware release.
You can download the latest firmware for ASUS RT-N66U, RT-N66R and RT-N66W routers from Softpedia.
Update. One of the vulnerabilities fixed with this update is the one identified by Lovett. New firmware has been released for several Asus routers.
Check out our follow-up on this story.