Asus, Router Cihazlarındaki Güvenlik Açığı Hakkında Açıklama Yaptı

Asus’un önerileri

In a statement sent to Tom’s Hardware, Asus noted that this security vulnerability has been resolved with a newly released software update, advising users not affected by the attack to quickly update to mitigate risks. For devices already compromised, it is recommended to first perform a software update, followed by restoring the device to factory settings and setting a strong administrator password.

For end-of-life (EOL) models or advanced users reluctant to reset to factory settings, Asus recommends completely disabling remote access features. This includes turning off services such as SSH, DDNS, AiCloud, and WAN web access, and ensuring that port 53282 is not open to the internet.

The AyySSHush botnet, identified by GreyNoise’s AI-based threat detection system named Sift, has been limited to around 30 requests thus far. However, experts believe the group behind the attack is resourceful and technically advanced. No official accusations have yet been made regarding the identity of the attackers.

Asus mentioned that even before the attack became public knowledge, they had begun working on security patches for some routers, such as the RT-AX55 model. They informed users of the security vulnerability by sending mobile notifications and published guides related to the update on their product security page and knowledge base.

Asus router users are advised to monitor device logs for suspicious SSH keys or failed login attempts. Leaving devices open to WAN access poses significant security risks, and it is believed that the majority of compromised routers operate with vulnerable settings.