exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ASUS RT Password Disclosure

ASUS RT Password Disclosure
Posted Apr 17, 2014
Authored by David Longenecker

ASUS RT series of routers disclose administrative credentials.

tags | exploit, info disclosure
advisories | CVE-2014-2719
SHA-256 | 8772a0c6d1603fbc6b5d100af4cf6abccf78190e836b3ada0d1b5bdd764b4937
Download | Favorite | View

ASUS RT Password Disclosure

Change Mirror Download
http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html


In mid February, I wrote that a substantial portion of ASUS wireless
routers would fail to update their firmware. In fact, the "check for
update" function would inform the administrator that the router was fully
up-to-date, even though it was not. ASUS was very quick to fix this. In
analyzing that issue though, I saw some things that looked like potential
avenues of exploit.


The Web GUI for the ASUS RT- series of routers exposes the administrator
username and password in clear text. This is true for
the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R,
RT-N66U, RT-N56R, RT-N56U models. I have not tested but suspect the same is
true of RT-N53, RT-N14U, RT-N16, and RT-N16R since they use the same
firmware base but a different sub-version. This is CVE-2014-2719.


If the administrator is logged in, an attacker can browse to
<router_address>/Advanced_System_Content.asp and obtain the username and
password.  Another researcher demonstrated a way to access the router
via embedded images in an email message 18 months ago; that combined with
this would gain an attacker easy administrative access.


Compounding the problem, the admin login does not have a session timeout.
Thus, if the administrator logged in (such as when first configuring the
router, or subsequently installing an update) and does
not intentionally logout, the session remains live and can be exploited as
described above, even if the administrator no longer has a window open on
the router.


Firmware 3.0.0.4.374.5517 fixes both of these issues. The new code no
longer shows the current password to users, and there is a new option to
automatically logout after a set period of time. By default, the router
will now log the administrator account out after 30 minutes; you can set
this anywhere from 10 minutes to 999 minutes, or disable the feature if you
prefer to stay logged in indefinitely.

-- 
Regards,
David Longenecker

Connect: Security Blog <http://dnlongen.blogspot.com> | Security
Twitter<https://www.twitter.com/dnlongen> |
Awana Twitter <https://www.twitter.com/dstx_awana> |
LinkedIn<https://www.linkedin.com/in/dnlongen/>


Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close