Multiple vulnerabilities found in Asus RT routers, update needed
Changing default credentials is one of the most important security precautions. And the latest Asus wireless router vulnerability is just another example that shows why you need to change it.
Security experts from ‘Nightwatch Cybersecurity’ have discovered multiple vulnerabilities in 40 different Asus RT router models. According to experts, recent vulnerabilities allows malicious sites to login and change the router settings, exfiltrate router data and reveal WiFi password.
Lack of CSRF (Cross-Site Request Forgery) controls on built-in web interface of the affected router models allows a malicious website to submit a login request without the victim’s knowledge. And the default device credential (admin/admin) is the first thing to be tried in such attack scenario. When a user (or a malicious application) on the same network with the victim visits the malicious website, CSRF attack allows attackers to login, change router settings and save settings!
The various pages within the interface that can save settings do not have CSRF protection. That means that a malicious site, once logged in as described above would be able to change any settings in the router without the user’s knowledge.
This attack may also lead to malware infection, MiTM attacks and even disclosure of sensitive information by modifying DNS settings and redirecting traffic to other malicious websites. The vulnerability is dubbed as CVE-2017-5891.
Example of an exploit as follows:
<form action="http://192.168.1.1/login.cgi" method="post" target="_blank"> <input name="login_authorization" type="text" value="YWRtaW46YWRtaW4=" /> <input type="submit" /></form>
Additionally, two JSONP endpoints exist within the router allows information disclosure without login (CVE-2017-5892 and CVE-2017-8877).
And the final vulnerability which exist in XML endpoints in router device may allow an attacker to reveal WiFi password by accessing the ‘[router IP]/WPS_info.xml’ URL. Login required at this point… Remember what i said about changing default device password?
Asus 4G-AC55U, RT-AC51U, RT-AC52U B1, RT-AC53, RT-AC53U, RT-AC55U, RT-AC56R, RT-AC56S, RT-AC56U, among others, are some of the affected models. You can see the full list here.
How to protect?
Again, it is strongly advised to change the default credentials. Asus released firmware updates to fix the issue. You need to download and update your device. You can find Asus’s security fixes here.
Please subscribe to our free security newsletter.
427 total views, 2 views today