Update your old Asus DSL router for a critical security flaw

If you read PCWorld, you probably know that it’s important to keep your PC up to date so that security issues are fixed. And you probably know that the same is true for your phone, and even things like a PlayStation. But remember that your networking equipment is also, fundamentally, just a collection of computers. And thanks to Asus for reminding us, as it patches DSL routers to close exploitable security holes.

Specifically, Asus has released a firmware update for three relatively old DSL router models with combined Wi-Fi capabilities: the DSL-AC51, DSL-N16, and DSL-AC750. Released in 2015 and 2017, at least from what I can tell from a quick search, these are pretty simple models with no super advanced features, even for the time. But if you have one at home, you want to fix this firmware in a hurry. They are susceptible to an authentication bypass vulnerability, as published in the multi-vendor Common Vulnerabilities and Exposures (CVE) database and spotted by Bleeping Computer.

The Asus direct support pages for the DSL-AC51, DSL-N16, and DSL-AC750 are there, in the links I just posted in this sentence. Firmware can be downloaded and applied via the web interface for most routers, if not already done automatically or manually by downloading the file and then uploading it into the GUI over the local network.

What happens if your router is susceptible to this particular vulnerability, but it’s down and not patched? Asus then suggests you disable virtually all advanced features, including remote WAN access, port forwarding, DNS, VPN server, DMZ, port triggering, and FTP. Which older, unsupported DSL routers does this apply to? Don’t ask me because Asus doesn’t say.

I don’t have DSL, but I’ve realized that I don’t know the make and model of my cable modem or Wi-Fi router by heart. I think I’m going to dig out the rats’ nest behind my printer, just so I can write them down somewhere a little more accessible.