ASUS routers are vulnerable to authetnnication bypass and sensitive file disclosure vulnerabilities.
1821f52b283817610673596a7d3b56a3508d4306d82118292130a704086d8da1ASUS routers, which are enabled with the AiCloud service (SSL ports),
are vulnerable to bypass of authentication and sensitive file
disclosure. This vulnerability has been observed in all firmware
versions, though the latest version increases the complexity of the
attack. By sending a special crafted packet, an attacker can exploit a
weakness in the software by calling a non existent file /smb.xml. This
attack leads to sensitive path disclosure and directory traversal.
On the latest 3.0.0.4.374.2xxx firmware versions, specifically in the
the 66 and 68 series routers, have shown a weakness that may allow an
attacker to exploit the /smb.xml vulnerability with a specially
crafted packet to cause a short term denial of service to the AiCloud
service.
The full details were disclosed to the Vendor last month. There are no
known patches or workarounds at this time other than turning off any
remote access to the AiCloud service.
This is not directly related to the clear text password disclosure
made last July. Also, it is strongly advised that the password to the
administrative side of the router be changed from the default, since
hijacking the routers VPN service becomes trivial once access to the
admin console is obtained.
RT-AC68U Dual-band Wireless-AC1900 Gigabit Router
RT-AC66R Dual-Band Wireless-AC1750 Gigabit Router
RT-AC66U Dual-Band Wireless-AC1750 Gigabit Router
RT-N66R Dual-Band Wireless-N900 Gigabit Router
RT-N66U Dual-Band Wireless-N900 Gigabit Router
RT-AC56U Dual-Band Wireless-AC1200 Gigabit Router
RT-N56R Dual-Band Wireless-AC1200 Gigabit Router
RT-N56U Dual-Band Wireless-AC1200 Gigabit Router
RT-N14U Wireless-N300 Cloud Router
RT-N14UHP Wireless-N300 Cloud Router
RT-N16 Wireless-N300 Gigabit Router
RT-N16R Wireless-N300 Gigabit Router
Access Vector: Remote
Access Complexity: High
Authentication: None
Confidentiality Impact: Partial
Availability Impact: Partial
CWE-400: Uncontrolled Resource Consumption
CWE-208 Information Exposure Through Timing Discrepancy
CWE-211 Information Exposure Through Externally-Generated Error Message
CWE-289 Authentication Bypass by Alternate Name
Product Pages:
http://www.asus.com/Networking/
http://www.asus.com/support/
Research Contact - K Lovett
Discovered - January, 2014
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed