Release ASUS GT-AX6000 Firmware version 3.0.0.4.386.48823 (2022/05/16)

[visortgw]

ASUS GT-AX6000 Firmware version 3.0.0.4.386.48823
1.Added the WTFast to triple-level game acceleration.
2.Fixed CVE-2022-26673, CVE-2022-26674.
3.Improved system stability.

Please unzip the firmware file first then check the MD5 code.
MD5: 8c7ee0ef96bcdae5558ff0a007398f4a

https://dlcdnets.asus.com/pub/ASUS/wireless/GT-AX6000/FW_GT_AX6000_300438648823.zip

 

[forumuser92349234]

After checking what those CVEs are it looks like CVE-2022-26674 is 9.8 and allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.

It sounds exactly like exploit needed for those cyclop blink guys to get into our equipment.

So my question is if i have all ports closed, remote administration disabled is there a chance this exploit could affect me?

Also second vulnerability is XSS attack CVE-2022-26673.


Explain to me if this CVE-2022-26674 is dangerous. For example i visit a website attacker gets my ip address but my router has all ports closed and web administration disabled. Is there a chance this exploit can grant access to my router?