If you own an Asus RT-AC1900P home wireless router, it's time to patch it up; Asus recently released a firmware update that fixes two serious security flaws that could allow an attacker with access to your home network to hack both your router and your PC The company released a firmware update that fixes.

Trustwave, the security firm that discovered the flaws, disclosed the problems in a security advisory yesterday (July 22).Trustwave found that Asus routers use a file download tool to search for firmware updates on Asus' website but does not check for digital security certificates.

"As a result, MITM [man-in-the-middle] attacks are trivial if the device is connected to a malicious network.

In other words, an attacker can trick a router into downloading and installing a malicious firmware update. And the attacker can do so by setting a trap when the router owner logs into the router's administrative interface, which appears in a web browser on the owner's PC or Mac.

"An attacker can then create a malicious file containing 'new' firmware release notes with arbitrary JavaScript," Trustwave states in its advisory.

"Through cross-site scripting, malicious JavaScript is executed when an unsuspecting administrator user clicks on a link in the release notes of a firmware upgrade page.

Once the malicious JavaScript is executed in the browser, all bets are off. Attackers can silently redirect your browser to pages containing browser exploit scripts or drive-by downloads. One can only hope that the best anti-virus program will back you up.

Since attackers already have control of your router, they can also modify your router settings to direct you to fake banking or e-mail websites, attempt to get your account login information, or try to get you to install malicious software.

To avoid such nightmarish scenarios, you can open the Asus router's administration panel and see if a firmware update is available. (Asus provides instructions here.)

Alternatively, head to Asus' RT-AC1900P firmware update page and download the latest update.

You will need to change your router's administrator password right out of the box. And make sure that your home Wi-Fi network access password is at least 10 characters long, not something that can be easily guessed. A random neighbor could gain access and wreak havoc on your router.